Zentyal Forum, Linux Small Business Server
Zentyal Server => Directory and Authentication => Topic started by: Kevinsky86 on February 24, 2021, 12:21:11 pm
-
Installed a fresh Zentyal 7 machine. (KVM vm on Proxmox cluster)
Functionally OK, put a computer in the domain.
Can log in, create users and all that.
However with RSAT if I try to do anything with the default GPO, or create additional ones it gives me an "access denied" error.
I am a member of both Domain Admins (which IMO is what i need for GPO changes) and Schema admins group.
Tried to create a new user account that I also bombarded Domain admin.
Can log in as this user just fine but also cannot change any GPO's under this new user.
I feel like this should just work out of the box, no? Or am i missing something?
Edit: I also used my acount to put this computer in the domain to begin with.
-
After running "samba-tool ntacl sysvolreset" i could edit and create group policy objects.
-
In other topic a user similar problem, possible the reset sysvol working!
-
Thanks for sharing your solution. I, too, ran into this very problem and running "samba-tool ntacl sysvolreset" resolved it for me. It would be helpful, if the developers would see this and try to determine what the root cause is and find a way to mitigate it.
-
+1 here. I had the same problem and "sudo samba-tool ntacl sysvolreset" just resolved the issue immediately. Thank you so much! I just want to add that some policy options were also missing, I mean there was no Windows Settings > Security Settings > Account Policies, for example. And running the command solved that too.