On 10/22/21 16:13, Rowland Penny via samba wrote:> On Fri, 2021-10-22 at 15:50 -0500, Patrick Goetz via samba wrote: >> These comments are with reference to >> >> https://wiki.samba.org/index.php/Group_Policy >> >> This boxed comment: >> --------------------------------------------------------- >> If you run the command without specifying which DC to use with '-H', >> the >> ADMX templates may be installed on another DC. >> --------------------------------------------------------- >> >> which refers to `samba-tool gpo admxload -UAdministrator` >> >> seems muddled. Wouldn't the samba-tool you're running be associated >> with >> a specific DC; i.e. the host which samba-tool is installed on, in >> which >> case omission of the -H flag should always default to the local DC? >> How >> would it randomly write things to a remote URL? > > Believe me it does, I ran the command three times on a DC before I > realised why the admx files were not in the DC's sysvol. The command > ran and finished without any errors, but I couldn't find the admx files > on the DC I ran the command on. I finally found them on my other DC, I > had to specify the DC with -H to ensure they were placed on the DC I > ran the command on. >OK, but the documentation is a but unclear, simply stating I need to use the "URL" of the target server. Is this the FQDN, or can I just use the hostname? The relevant question is how is this URL being resolved? And never mind how horrible this design is. The exclusion of -H should always indicate a local installation. Good grief.>> >> Immediately following one finds this without context: >> >> To install Microsoft's ADMX templates: >> >> msiextract /path/to/microsoft/download/Administrative\ Templates\ >> \(.admx\)\ for\ Windows\ 10\ October\ 2020\ Update.msi >> samba-tool gpo admxload -UAdministrator >> --admx-dir=/path/to/extracted/msi/Program\ Files/Microsoft\ Group\ >> Policy/Windows\ 10\ October\ 2020\ Update\ >> \(20H2\)/PolicyDefinitions/ >> >> >> Samba does not appear to have an msiextract command, so where >> exactly >> would I be running this command? I can't find the command on my >> Windows >> 10 client, either. I'm left with no idea how or where one might run >> this. > > This was added by David Mulder and it appears that 'msiextract' is part > of 'msitools' (Debian package) > > Rowland > > >
On Sat, 2021-10-23 at 08:43 -0500, Patrick Goetz via samba wrote:> > On 10/22/21 16:13, Rowland Penny via samba wrote: > > On Fri, 2021-10-22 at 15:50 -0500, Patrick Goetz via samba wrote: > > > These comments are with reference to > > > > > > https://wiki.samba.org/index.php/Group_Policy > > > > > > This boxed comment: > > > --------------------------------------------------------- > > > If you run the command without specifying which DC to use with '- > > > H', > > > the > > > ADMX templates may be installed on another DC. > > > --------------------------------------------------------- > > > > > > which refers to `samba-tool gpo admxload -UAdministrator` > > > > > > seems muddled. Wouldn't the samba-tool you're running be > > > associated > > > with > > > a specific DC; i.e. the host which samba-tool is installed on, in > > > which > > > case omission of the -H flag should always default to the local > > > DC? > > > How > > > would it randomly write things to a remote URL? > > > > Believe me it does, I ran the command three times on a DC before I > > realised why the admx files were not in the DC's sysvol. The > > command > > ran and finished without any errors, but I couldn't find the admx > > files > > on the DC I ran the command on. I finally found them on my other > > DC, I > > had to specify the DC with -H to ensure they were placed on the DC > > I > > ran the command on. > > > > OK, but the documentation is a but unclear, simply stating I need to > use > the "URL" of the target server. Is this the FQDN, or can I just use > the > hostname?Both will probably work. I used the FQDN.> The relevant question is how is this URL being resolved?Sorry, but I didn't write the code and I haven't read it in depth, so I do not know how the URL is resolved, except that it is usually done on a round-robin basis.> > And never mind how horrible this design is. The exclusion of -H > should > always indicate a local installation. Good grief.Did I mention that I didn't write this ;-) Rowland