On 08/10/12 18:23, steve wrote:
On 08/10/12 17:40, [email protected] wrote:
Ok can you check that this simple user can go in the \\server\sysvol
folder and then access all the files under <dnsnamedomain>/policies
and cross check that this gpo is really applied by setting in the same
gpo a rule for the wallpaper or something else visible.
Hi
I set the wallpaper in the same gpo:
http://dl.dropbox.com/u/45150875/gpowallpaper.png
This popup appears each time Administrator starts the GPO editor:
http://dl.dropbox.com/u/45150875/sysvolerror.png
Clicking OK gives 'Access is denied'. Same error whether I have run
samba-tool ntacl sysvolreset or not. The GPO is created however.
Results:
1. Ordinary users can read anything in the sysvol share
2. The wallpaper GPO is ignored both for W7 Administrator and for W7 users.
note: The wallpaper GPO doesn't work on XP either but I don't think it
was implemented then.
Cheers,
Steve
Hi
I updated today tothe latest from master:
Version 4.1.0pre1-GIT-e65a24bed
and ran:
samba-tool ntacl sysvolreset --use-s3fs
Now no user can enter sysvol:
getfacl sysvol/
# file: sysvol/
# owner: root
# group: wheel
# flags: s--
user::rwx
user:root:rwx
group::r--
group:wheel:r--
group:3000000:r--
group:3000001:r--
group:3000002:r--
mask::rwx
other::---
Any ideas how I can get domain users to enter and read the gpo's? I've
tried with 0755 but windows doesn't seem to know about it. Any attempt
to set the ACL on windows fils. Is it possible to set the ACL from
windows 7 on s3fs?
Cheers,
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
