On 29-05-2025 15:32, Olaf Fr?czyk via samba wrote:> Hello,
>
> I try to get group policies working.
>
> I have created a test policy for a group of computers
> "Workstations-Promienista".
>
> The group has one computer now: "SUNSHINE".
>
> The policy is generated on the samba server sysvol:
> {CF9B4F2F-9CB4-4A36-A5A0-91D18A20655B}.
>
A GPO is more than a set of files on sysvol, there are also LDAP entries
required.
You can use "samba-tool gpo create" to create a GPO: LDAP + an empty
sysvol directory and then add your files there. Another option is to
create it from Windows with GPMC.
- Kees.
> [root at dc1 Policies]# tree
> .
> ??? {31B2F340-016D-11D2-945F-00C04FB984F9}
> ?? ???? GPT.INI
> ??? {6AC1786C-016F-11D2-945F-00C04FB984F9}
> ?? ???? GPT.INI
> ??? {7AE52791-EC45-43AA-8289-022DF5AB0AFC}
> ?? ???? GPT.INI
> ?? ???? Machine
> ?? ???? User
> ?? ? ? ???? Applications
> ?? ? ? ???? comment.cmtx
> ?? ? ? ???? Documents & Settings
> ?? ? ? ???? Registry.pol
> ?? ? ? ???? Scripts
> ?? ? ? ? ? ???? Logoff
> ?? ? ? ? ? ???? Logon
> ??? {CF9B4F2F-9CB4-4A36-A5A0-91D18A20655B}
> ? ? ??? GPT.INI
> ? ? ??? Machine
> ? ? ?? ???? comment.cmtx
> ? ? ?? ???? Registry.pol
> ? ? ??? User
>
> 13 directories, 8 files
>
> However it is not applied on the target computer:
>
> PS C:\WINDOWS\system32> gpresult /r /scope computer
>
> Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
> ? Microsoft Corporation. All rights reserved.
>
> Created on ?2025-?05-?29 at 15:02:31
>
>
> RSOP data for? on SUNSHINE : Logging Mode
> ------------------------------------------
>
> OS Configuration:? ? ? ? ? ? Member Workstation
> OS Version:? ? ? ? ? ? ? ? ? 10.0.19045
> Site Name:? ? ? ? ? ? ? ? ? ?Default-First-Site-Name
> Roaming Profile:
> Local Profile:
> Connected over a slow link?: No
>
>
> COMPUTER SETTINGS
> ------------------
> CN=SUNSHINE,CN=Computers,DC=navidom,DC=office,DC=navi,DC=pl
> ? ? Last time Group Policy was applied: 2025-05-29 at 14:51:50
> ? ? Group Policy was applied from: dc2.navidom.office.navi.pl
> <http://dc2.navidom.office.navi.pl>
> ? ? Group Policy slow link threshold:? ?500 kbps
> ? ? Domain Name:? ? ? ? ? ? ? ? ? ? ? ? NAVIDOM
> ? ? Domain Type:? ? ? ? ? ? ? ? ? ? ? ? Windows 2008 or later
>
> ? ? Applied Group Policy Objects
> ? ? -----------------------------
> ? ? ? ? Default Domain Policy
> ? ? ? ? Local Group Policy
>
> ? ? The computer is a part of the following security groups
> -------------------------------------------------------
> ? ? ? ? BUILTIN\Administrators
> ? ? ? ? Everyone
> ? ? ? ? BUILTIN\Users
> ? ? ? ? NT AUTHORITY\NETWORK
> ? ? ? ? NT AUTHORITY\Authenticated Users
> ? ? ? ? This Organization
> ? ? ? ? SUNSHINE$
> ? ? ? ? Domain Computers
> ? ? ? ? Workstations-Promienista
> ? ? ? ? Authentication authority asserted identity
> ? ? ? ? Claims Valid
> ? ? ? ? System Mandatory Level
>
> Below are links to images of the created GPO on google drive:
>
https://drive.google.com/file/d/1RzMFYtzRFRw0TYl2YJnpV7W-H__566xW/view?usp=sharing
>
>
https://drive.google.com/file/d/1VHHgcRY4X6yZS6A28_Nb0ztq6y2VFry6/view?usp=sharing
>
>
https://drive.google.com/file/d/1fcx1YNephjvzCSkCcFzFWo_Ut50FDvkP/view?usp=sharing
>
>
https://drive.google.com/file/d/10f7h2OQ3Ok88TMTjmr2QiX3rN-uQKUr4/view?usp=sharing
>
>
> Could somebody please help me find the problem?
>
> I also tried with a user policy
> {7AE52791-EC45-43AA-8289-022DF5AB0AFC}, but it doesn't work too.
>
> Best regards,
>
> Olaf Fr?czyk
>