Things that break group policy: Difference between revisions
From Pumping Station One
Created page with "== Group Policy == Group policy on windows controls windows settings for the domain. It's used for the following * Determing logon rights for pc's hooked into the shopbot an..." |
m add systems category |
||
| (4 intermediate revisions by 3 users not shown) | |||
| Line 5: | Line 5: | ||
It's used for the following | It's used for the following | ||
* Determing logon rights for pc's hooked into the shopbot and laser cutter | * Determing logon rights for pc's hooked into the shopbot and laser cutter | ||
* setting registry keys for certains | * setting registry keys for certains software licenses | ||
* disabling power saveing | * disabling power saveing | ||
== Basic Troubleshooting == | == Basic Troubleshooting == | ||
If you notice something wrong, the following command will | If you notice something wrong, the following command will trigger a group policy update, and may display information about what went wrong. | ||
gpupdate | gpupdate | ||
| Line 31: | Line 31: | ||
samba-tool ntacl sysvolreset | samba-tool ntacl sysvolreset | ||
samba-tool dbcheck --cross-ncs --fix | samba-tool dbcheck --cross-ncs --fix | ||
=== ACLs break after rsync === | |||
If <code>samba-tool ntacls sysvolcheck</code> reveals a problem after every rsync of the sysvol, you may want to copy /var/lib/samba/private/idmap.ldb from the rsync host to the replicated Domain Controller. | |||
[[Category:Systems]] | |||
Latest revision as of 07:54, 9 November 2017
Group Policy
Group policy on windows controls windows settings for the domain.
It's used for the following
- Determing logon rights for pc's hooked into the shopbot and laser cutter
- setting registry keys for certains software licenses
- disabling power saveing
Basic Troubleshooting
If you notice something wrong, the following command will trigger a group policy update, and may display information about what went wrong.
gpupdate gpupdate /force gpupdate /force /sync
Time desync
If the computer's time is desynchronized from AD:
net time /domain /set /y
and try gpupdate again
Garbage in sysvol
I don't know if this actually fixed anything, but try running the following commands as root on the Domain Controller
samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix samba-tool ntacl sysvolreset samba-tool dbcheck --cross-ncs --fix
ACLs break after rsync
If samba-tool ntacls sysvolcheck reveals a problem after every rsync of the sysvol, you may want to copy /var/lib/samba/private/idmap.ldb from the rsync host to the replicated Domain Controller.
