similar to: Security descriptors options of Group Policies

Displaying 20 results from an estimated 200 matches similar to: "Security descriptors options of Group Policies"

2024 May 02
1
GPO Editor says "Access denied" for Group Policy Objects
On Thu, 2 May 2024 12:07:13 +0200 Jakob Curdes via samba <samba at lists.samba.org> wrote: > Hello all, to return to the original topic: > > My original problem was that I could not edit GP objects with the GP > Editor, even as Domain admin. I always got "access denied". A > sysvolcheck returned no errors and the Windows "Security" tab for the >
2024 May 02
1
GPO Editor says "Access denied" for Group Policy Objects
Hello all, to return to the original topic: My original problem was that I could not edit GP objects with the GP Editor, even as Domain admin. I always got "access denied". A sysvolcheck returned no errors and the Windows "Security" tab for the object in question on the sysvol share looked correct. I now found out that the group id of the sysvol folder (and everything
2017 Mar 21
3
Problem sysvolreset
Hai,   Here you go my output of the R2008R2. (64bit)   1) original GPO from the install ( the domain controller policy ) Path   : Microsoft.PowerShell.Core\FileSystem::C:\Windows\SYSVOL\domain\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9} Owner  : BUILTIN\Administrators Group  : NT AUTHORITY\SYSTEM Access : CREATOR OWNER Allow  268435456          NT AUTHORITY\Authenticated Users
2006 Mar 20
5
Need some ACL help for win32-file
Hi folks, I''ve got most everything done for the pure Ruby version of win32-file. The last thing left (since I''ll be moving the IO methods to a different package eventually) is the file security stuff. Here''s what I''ve got so far for the get_permissions method. However, I''m stuck at GetAce(). If someone could help me finish up this method, I
2017 Jun 22
1
Fwd: AD Policies are not applying properly
On 6/22/2017 9:41 AM, Anantha Raghava via samba wrote: > Hi, > > No solutions to get out of this? > Not sure exactly what your issue is but based on your error Samba is reporting the following on that particular Policy; * Lost Allow Object and Container inheritance on each ACE. * Create Owner missing ACE and you have Built in Administrators with an ACE * You have the
2024 Jan 31
1
Behavior of acl_xattr:ignore system acls = yes on a share
On 1/31/24 11:19, Rowland Penny via samba wrote: > When I logged into Windows and connected to a share that has > 'acl_xattr:ignore system acls = yes' set and right clicked on its icon > in Explorer and selected 'Properties', I found that 'EVERYONE' was > listed. I removed 'EVERYONE', clicked 'Apply' then 'OK', which > completed
2024 Jan 31
1
Behavior of acl_xattr:ignore system acls = yes on a share
On Wed, 31 Jan 2024 10:09:53 +0100 Ralph Boehme via samba <samba at lists.samba.org> wrote: > On 1/31/24 09:50, Peter Milesson via samba wrote: > > The crucial problem here is, that Everyone (yes, really everyone) > > can write to the root share. > > why don't you just change it? That's how it's supposed to work. > > -slow > It might be
2024 Jan 31
2
Behavior of acl_xattr:ignore system acls = yes on a share
On Wed, 31 Jan 2024 11:53:44 +0100 Ralph Boehme <slow at samba.org> wrote: > On 1/31/24 11:19, Rowland Penny via samba wrote: > > When I logged into Windows and connected to a share that has > > 'acl_xattr:ignore system acls = yes' set and right clicked on its > > icon in Explorer and selected 'Properties', I found that 'EVERYONE' > > was
2024 Jan 31
2
Behavior of acl_xattr:ignore system acls = yes on a share
On 1/31/24 09:50, Peter Milesson via samba wrote: > The crucial problem here is, that Everyone (yes, really everyone) can > write to the root share. why don't you just change it? That's how it's supposed to work. -slow -- SerNet Samba Team Lead https://samba.plus/ Samba Team Member https://samba.org/ SAMBA+ packages https://samba.plus/ SerNet
2017 Jun 21
3
Fwd: AD Policies are not applying properly
Hi, We have been consistently having issues with GPO and they are not consistent. We are using version 4.6.3 with BIND DNS Backend. As suggested in some of our previous communications, when we run the samba-tool ntacl sysvolcheck it results in the error as detailed below. [root at dc1 ~]# samba-tool ntacl sysvolcheck lp_load_ex: refreshing parameters Initialising global parameters rlimit_max:
2024 Jan 26
1
permission denied with windows acls
I am getting a permission denied when trying to ls as a domain user a samba mount with windows ACLs (sigh I thought I had this figured out).? I tried to include self descriptive server names and include them in the info below (fs1: file server, nc: addc, u2gui: ubuntu desktop) CARLSON\peter at u2gui:~$ ls -l /mnt ls: cannot access '/mnt/test': Permission denied total 0
2008 Feb 28
1
Inheritable Permissions Issue
I have a Centos 3 server running Samba 3.0.28. It's a member of an AD domain on a Windows Server 2003 R2 Standard x64 SP2 box. From the W2K3 server I can see the samba share I created. Using the Security tab in the Windows Explorer file properties dialog I can add and remove users and change their permissions. However, in the Permissions tab of the Advanced Security Settings dialog,
2018 Jan 26
6
Adding Share Windows ACL
Hello, im trying to setup a share using windows acls. I followed the step ins https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs but hanging at "Adding a Share" # mkdir -p /srv/samba/Demo/ # chown root:"Domain Admins" /srv/samba/Demo/ *--> chown: ungültige Gruppe: »root:Domain Admins“* # net rpc rights list privileges SeDiskOperatorPrivilege -U
2017 Sep 05
1
BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Well, we are getting somewere...;) >It is probably 'greyed' out because no Windows tools use it or will add it. You will probably need to use Unix tools (ldb or ldap) to remove>them, but you can if you so wish ignore them. What you should never do is to rely on them being there, because they may or may not be there.Ok, I'll let it be there> You need to remove the gidNumber
2017 Mar 07
4
Problem sysvolreset
On Tue, 7 Mar 2017 10:26:03 -0800 Kris Lou via samba <samba at lists.samba.org> wrote: > Hang on, can you explain this a little further? I thought that Domain > Admins was issued gidNumber 512 by default. In addition, sysvolreset > is not recommended to fix potential SysVol replication problems with > GPO perms? > No Domain Admins doesn't get gidNumber 512 by default,
2017 Sep 05
3
BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Thank you very much for clarifying the ID mapping "magic";) > You do not need 'posixgroup', it is an auxiliary objectclass of group, you can add any of the rfc2307 attributes without it. Well, is there any option to remove it? Because "posixgroup" is on every group that was migrated from Samba 3. And I cannot edit this attribute in ADUC (delete button is grayed).
2018 Apr 27
2
sysvol files - 'The data area passed to a system call is too small'
Hi, I have been having problems with GPOs, sysvol, etc. for some time now, and have found a workaround but I wondered if any of the samba devs were interested in investigating this. Basically, the problems manifest themselves as access errors, along the lines of unable to read files, error messages such as 'The data area passed to a system call is too small' and so on - which means that
2024 May 24
1
How to set up a simple file server with full ACL support?
On Wed, 2024-05-22 at 21:05 -0700, Jeremy Allison wrote: > On Thu, May 23, 2024 at 09:42:53AM +1200, Andrew Bartlett via samba > wrote: > > After 23 years answering questions here, I figure it might be time > > for > > me to ask one. > > > > As mentioned here: > > https://lists.samba.org/archive/samba-technical/2024-May/138969.html > > I > >
2024 May 23
2
How to set up a simple file server with full ACL support?
On Thu, May 23, 2024 at 09:42:53AM +1200, Andrew Bartlett via samba wrote: >After 23 years answering questions here, I figure it might be time for >me to ask one. > >As mentioned here: >https://lists.samba.org/archive/samba-technical/2024-May/138969.html I >am working with a client to improve a Go SMB client library. > >They want to manipulate ACLs on SMB, which is a very
2020 Jul 01
4
Users, home directories and profiles
> root at localhost:~# getfacl /home/samba/users/ > getfacl: Removing leading '/' from absolute path names > # file: home/samba/users/ > # owner: root > # group: root > user::rwx > group::rwx > other::rwx > root at localhost:~# samba-tool ntacl get /home/samba/users --as-sddl >