Groups | Search | Server Info | Login | Register
| From | "L.P.H. van Belle via samba" <samba@lists.samba.org> |
|---|---|
| Newsgroups | linux.samba |
| Subject | Re: [Samba] Problem sysvolreset |
| Date | 2017-03-21 17:20 +0100 |
| Message-ID | <tnuFP-5IV-1@gated-at.bofh.it> (permalink) |
| References | <tnucO-5iR-23@gated-at.bofh.it> <tnucO-5iR-21@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
Hai,
Here you go my output of the R2008R2. (64bit)
1) original GPO from the install ( the domain controller policy )
Path : Microsoft.PowerShell.Core\FileSystem::C:\Windows\SYSVOL\domain\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}
Owner : BUILTIN\Administrators
Group : NT AUTHORITY\SYSTEM
Access : CREATOR OWNER Allow 268435456
NT AUTHORITY\Authenticated Users Allow -1610612736
NT AUTHORITY\Authenticated Users Allow ReadAndExecute, Synchronize
NT AUTHORITY\SYSTEM Allow 268435456
NT AUTHORITY\SYSTEM Allow FullControl
BUILTIN\Administrators Allow 268435456
BUILTIN\Administrators Allow Write, ReadAndExecute, ChangePermissions, TakeOwnership, Synchronize
BUILTIN\Server Operators Allow ReadAndExecute, Synchronize
Audit :
Sddl : O:BAG:SYD:PAI(A;OICIIO;GA;;;CO)(A;OICIIO;GXGR;;;AU)(A;;0x1200a9;;;AU)(A;OICIIO;GA;;;SY)(A;;FA;;;SY)(A;OICIIO;G
A;;;BA)(A;;0x1e01bf;;;BA)(A;OICIIO;GXGR;;;SO)(A;;0x1200a9;;;SO)
The one with numbers like CREATOR OWNER Allow 268435456
Are users/groups with special rights.
2) and just now created GPO, didnt touch it at al.
Path : Microsoft.PowerShell.Core\FileSystem::C:\Windows\SYSVOL\domain\Policies\{EDC26216-625D-42D7-8443-9003D427DEF5}
Owner : ROTTERDAM\Domain Admins
Group : ROTTERDAM\Domain Admins
Access : CREATOR OWNER Allow FullControl
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Allow ReadAndExecute, Synchronize
NT AUTHORITY\Authenticated Users Allow ReadAndExecute, Synchronize
NT AUTHORITY\SYSTEM Allow FullControl
ROTTERDAM\Domain Admins Allow FullControl
ROTTERDAM\Enterprise Admins Allow FullControl
Audit :
Sddl : O:DAG:DAD:PAI(A;OICIIO;FA;;;CO)(A;OICI;0x1200a9;;;ED)(A;OICI;0x1200a9;;;AU)(A;OICI;FA;;;SY)(A;OICI;FA;;;DA)(A;
OICI;FA;;;EA)
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: Rowland Penny [mailto:rpenny@samba.org]
> Verzonden: dinsdag 21 maart 2017 16:38
> Aan: L.P.H. van Belle
> CC: samba@lists.samba.org
> Onderwerp: Re: [Samba] Problem sysvolreset
>
> On Tue, 21 Mar 2017 16:24:31 +0100
> L.P.H. van Belle <belle@bazuin.nl> wrote:
>
> > Hai Rowland,
> >
> > Can post your exact command you used, so im sure i dont get different
> > outputs.
> >
>
> OK, on a windows 21012R2 DC:
>
> Get-Acl
> C:|Windows\SYSVOL\sysvol\domain.local\Policies\'{5FD30AA2-B678-422C-9C0E-
> 4E270488EDE4}'
> | Format-List
>
> NOTE: The above is all one line.
>
> Which leads to this output:
>
> Path :sysvol\DOMAIN.LOCAL\Policies\{5FD30AA2-B678-422C-9C0E-
> 4E270488EDE4}
> Owner : HOME\Domain Admins Group : HOME\Domain Admins
> Access : CREATOR OWNER Allow FullControl
> NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Allow ReadAndExecute,
> Synchronize
> NT AUTHORITY\Authenticated Users Allow ReadAndExecute, Synchronize
> NT AUTHORITY\SYSTEM Allow FullControl
> HOME\Domain Admins Allow FullControl
> HOME\Enterprise Admins Allow FullControl
> Audit :
> Sddl :
> O:DAG:DAD:PAI(A;OICIIO;FA;;;CO)(A;OICI;0x1200a9;;;ED)(A;OICI;0x1200a9;;;AU
> )(A;OICI;FA;;;SY)(A;OICI;FA;;;DA)(A;OICI;FA;;;S-1-5-21-2695348288-
> 4157658249-429813502-519)
>
> Rowland
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Back to linux.samba | Previous | Next — Previous in thread | Next in thread | Find similar
[Samba] Problem sysvolreset Edson Tadeu Almeida da Silveira via samba <samba@lists.samba.org> - 2017-03-07 16:30 +0100
Re: [Samba] Problem sysvolreset Rowland Penny via samba <samba@lists.samba.org> - 2017-03-07 17:00 +0100
Re: [Samba] Problem sysvolreset Edson Tadeu Almeida da Silveira via samba <samba@lists.samba.org> - 2017-03-07 17:20 +0100
Re: [Samba] Problem sysvolreset Rowland Penny via samba <samba@lists.samba.org> - 2017-03-07 17:40 +0100
Re: [Samba] Problem sysvolreset Edson Tadeu Almeida da Silveira via samba <samba@lists.samba.org> - 2017-03-07 18:30 +0100
Re: [Samba] Problem sysvolreset Rowland Penny via samba <samba@lists.samba.org> - 2017-03-07 18:40 +0100
Re: [Samba] Problem sysvolreset Edson Tadeu Almeida da Silveira via samba <samba@lists.samba.org> - 2017-03-07 18:50 +0100
Re: [Samba] Problem sysvolreset Kris Lou via samba <samba@lists.samba.org> - 2017-03-07 19:30 +0100
Re: [Samba] Problem sysvolreset Rowland Penny via samba <samba@lists.samba.org> - 2017-03-07 20:00 +0100
Re: [Samba] Problem sysvolreset Rowland Penny via samba <samba@lists.samba.org> - 2017-03-07 21:30 +0100
Re: [Samba] Problem sysvolreset Björn JACKE via samba <samba@lists.samba.org> - 2017-03-20 15:30 +0100
Re: [Samba] Problem sysvolreset Rowland Penny via samba <samba@lists.samba.org> - 2017-03-20 15:50 +0100
Re: [Samba] Problem sysvolreset "L.P.H. van Belle via samba" <samba@lists.samba.org> - 2017-03-20 16:40 +0100
Re: [Samba] Problem sysvolreset Rowland Penny via samba <samba@lists.samba.org> - 2017-03-20 17:30 +0100
Re: [Samba] Problem sysvolreset Rowland Penny via samba <samba@lists.samba.org> - 2017-03-21 16:50 +0100
Re: [Samba] Problem sysvolreset "L.P.H. van Belle via samba" <samba@lists.samba.org> - 2017-03-21 17:20 +0100
Re: [Samba] Problem sysvolreset Rowland Penny via samba <samba@lists.samba.org> - 2017-03-21 17:40 +0100
csiph-web