Zentyal Forum, Linux Small Business Server
Zentyal Server => Directory and Authentication => Topic started by: killmasta93 on September 30, 2020, 06:45:55 pm
-
Hi,
Currently trying to install a startup script though GPO, before trying on zentyal i did with a window server 2012r2 and it worked. So i think it might be a bug on zentyal.
on the GPO i added the startup script to the location of the script. All the users have permission to have access of the folder. I checked on event viewer and got the
1130 Group policy error
https://imgur.com/r2BRPre.png
https://imgur.com/gOc0eAw.png
any ideas?
Thank you
-
:)
Check the client's event viewer and run gpresult. It should give you the key point to fix the issue.
Paste here these data if you need some help.
Cheers!
-
Thanks for the reply, what i did was instead running the script on startup i created a task to run the bat instead and it seemed to work that way
thank you again
-
So coming back to the issue i have realized something the GPO dont seem to work for the config of computers only users. Im trying to update the local admin though GPO. I added this config
i restarted the server and checked if the local admin password was changed and it seemed that it was not. then ran a gpresult and it shows that it does not grab any Computer GPO
see pictures
https://ibb.co/7gKXnsp
https://ibb.co/nrzJFfy
-
:)
Did you use the command gpupdate /force
before checking the password? By default Group Policy updates are applied with a timer (90').
In addition, you should enable the "El usuario no puede cambiar la contraseƱa" checkbox and disable the rest of checkboxes.
Cheers!
-
Thanks for the reply, good thing forgot to add that checkbox but i also tried gpupdate /force and reboot all kinds and nothing not sure if on your environment it works?
-
:)
Give me some time (a couple of days) and I'll check it.
Cheers!
-
thanks for the reply let me know :=)
-
:)
Microsoft has removed this feature from GPO. Read this https://www.grouppolicy.biz/2014/05/group-policy-preferences-password-behaviour-change-ms14-025/ (https://www.grouppolicy.biz/2014/05/group-policy-preferences-password-behaviour-change-ms14-025/) ???
My Windows clients have this patch applied, so, they don't apply this GPO. Actually, I can't either edit the password fields in the gpedit.
Let me know if you want that I make some trials by removing the patch.
Cheers!
-
Thanks for the reply, so whats odd i ran this feature on a windows server 2012r2 and it works but on zentyal no feature works on GPO on the computer section, on the user sections works flawless. Example i tried adding installing OCS inventory though GPO on computer and did not ( from my previous forum post which i put a script GPO on user and it worked) work but i did the same on windows server GPO and it works.
Thank you again
-
:)
Try adding "Authenticated users" and "Domain computers" with "read" permission in the GPO Delegation tab.
Cheers!
-
Thanks for the reply that did the trick, very interesting that option that i needed to add