search for: local_admin

...the group ID assigned to the sysvol > folder on both DCs and now I can edit the GP objects with the GPO > editor. The permissions set on the sysvol directory are: O:LAG:BAD:P(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;SO)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;AU) Which in a more readable form is: Owner:LOCAL_ADMIN Group:BUILTIN_ADMINISTRATORS D:P(Allow;Full control;;;BUILTIN_ADMINISTRATORS)(Allow;Read and Execute,Inherited;;;SERVER_OPERATORS)(Allow;Full control;;;LOCAL_SYSTEM)(Allow;Read and Execute,Inherited;;;_AUTHENTICATED_USERS) Now all that depends on the various users and groups having the same ID on...

Hi Samba List, hope you're doing well all. We have realized a security audit of our Samba4 Active Directory. It returns that the security descriptors options of all our GPO objects are wrong. They should be : SE_DACL_AUTO_INHERITED SE_DACL_PRESENT instead of this, the options are by default : SE_DACL_PROTECTED SE_DACL_PRESENT We can change the options, but the "sysvolreset"

Hello all, to return to the original topic: My original problem was that I could not edit GP objects with the GP Editor, even as Domain admin. I always got "access denied". A sysvolcheck returned no errors and the Windows "Security" tab for the object in question on the sysvol share looked correct. I now found out that the group id of the sysvol folder (and everything