Difference between revisions of "Things that break group policy"
Jump to navigation
Jump to search
m (Justin moved page Thing's that break group policy to Things that break group policy) |
m (add systems category) |
||
(3 intermediate revisions by 2 users not shown) | |||
Line 5: | Line 5: | ||
It's used for the following | It's used for the following | ||
* Determing logon rights for pc's hooked into the shopbot and laser cutter | * Determing logon rights for pc's hooked into the shopbot and laser cutter | ||
− | * setting registry keys for certains | + | * setting registry keys for certains software licenses |
* disabling power saveing | * disabling power saveing | ||
== Basic Troubleshooting == | == Basic Troubleshooting == | ||
− | If you notice something wrong, the following command will | + | If you notice something wrong, the following command will trigger a group policy update, and may display information about what went wrong. |
gpupdate | gpupdate | ||
Line 31: | Line 31: | ||
samba-tool ntacl sysvolreset | samba-tool ntacl sysvolreset | ||
samba-tool dbcheck --cross-ncs --fix | samba-tool dbcheck --cross-ncs --fix | ||
+ | |||
+ | === ACLs break after rsync === | ||
+ | |||
+ | If <code>samba-tool ntacls sysvolcheck</code> reveals a problem after every rsync of the sysvol, you may want to copy /var/lib/samba/private/idmap.ldb from the rsync host to the replicated Domain Controller. | ||
+ | |||
+ | [[Category:Systems]] |
Latest revision as of 13:54, 9 November 2017
Group Policy
Group policy on windows controls windows settings for the domain.
It's used for the following
- Determing logon rights for pc's hooked into the shopbot and laser cutter
- setting registry keys for certains software licenses
- disabling power saveing
Basic Troubleshooting
If you notice something wrong, the following command will trigger a group policy update, and may display information about what went wrong.
gpupdate gpupdate /force gpupdate /force /sync
Time desync
If the computer's time is desynchronized from AD:
net time /domain /set /y
and try gpupdate again
Garbage in sysvol
I don't know if this actually fixed anything, but try running the following commands as root on the Domain Controller
samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix samba-tool ntacl sysvolreset samba-tool dbcheck --cross-ncs --fix
ACLs break after rsync
If samba-tool ntacls sysvolcheck
reveals a problem after every rsync of the sysvol, you may want to copy /var/lib/samba/private/idmap.ldb from the rsync host to the replicated Domain Controller.