Messages - xelander

1
Thank you, I will try your suggestion.
But if it works, then I'm a bit worried: do I have to delete and recreate profiles every time I apply a new GPO? :'(

Cheers.

2
Thank you doncamilo, I did use samba-tool to set password policies and it worked flawlessly.

3
Upon further testing, I discovered that, with your workaround, GPOs do work: only the max password age setting doesn't work, so I changed it using samba-tool (samba-tool domain passwordsettings set --max-pwd-age=90).

Roaming profiles still give errors, so I disabled them and I suppose I will have to live without them...

4
Hello,
I just installed Zentyal 6.0 as a standalone Domain Controller (hostname master, domain insieme.lan) and I had the same problem with roaming profiles.

I successfully joined a Windows 10 Pro (version 1903) VM to the domain (INSIEME), I created a new domain user (alex) with a roaming profile (\\master.INSIEME.LAN\profiles\alex) and I followed your suggestion and created the above registry keys.

It works, but only until I try to change the default domain policy (or apply a new domain policy) with the Group Policy Editor (I tried setting password expiration to 42 days): then the errors with the roaming profiles show up again.

I also created a "\\*\PROFILES" key similar to "\\*\SYSVOL" and "\\*\NETLOGON" above, but again with no result.

I also appended ",RequireIntegrity=0,RequirePrivacy=0" (as per this post https://blogs.technet.microsoft.com/leesteve/2017/08/09/demystifying-the-unc-hardening-dilemma/) to the keys' value, but nothing helped.

Has anyone experienced similar problems?

Thanks,
Alessandro

5
Hello,
I'm new to Zentyal and Windows AD, and I've just installed Zentyal 6.0 as a standalone Domain Controller (hostname master, domain insieme.lan) with roaming profiles enabled.

I successfully joined a Windows 10 VM to the domain (INSIEME) and created a new domain user (alex) with a roaming profile (\\master.INSIEME.LAN\profiles\alex), and I have the same problem: GPOs are not applied on user logon.

I followed your suggestion and created the above registry keys, but it did not help.

Moreover, after I modified the default domain policy (I set password expiration to 42 days) and rebooted the W10 client, the roaming profile stopped working: on logon Windows now complains about a problem with the mobile profile and uses a saved local profile.

The event viewer says that the User Profile Service is unable to access the server copy of the mobile profile, but the profile dirs (/home/samba/profiles/alex and /home/samba/profiles/alex.V6) are still there (they were created by Windows on first logon), and I can access the profile paths \\master.INSIEME.LAN\profiles\alex and \\master.INSIEME.LAN\profiles\alex.V6 using Explorer when logged in as user 'alex', so I cannot understand why Windows cannot find the profile.

I also created a "\\*\PROFILES" key similar to "\\*\SYSVOL" and "\\*\NETLOGON" above, but again with no result.
I also appended ",RequireIntegrity=0,RequirePrivacy=0" (from this post https://blogs.technet.microsoft.com/leesteve/2017/08/09/demystifying-the-unc-hardening-dilemma/) to the keys' value, but nothing helped.

Does anyone have any suggestions?

Thanks,
Alessandro


 

