Things that break group policy

From Pumping Station One
Jump to navigation Jump to search

Group Policy

Group policy on windows controls windows settings for the domain.

It's used for the following

  • Determing logon rights for pc's hooked into the shopbot and laser cutter
  • setting registry keys for certains software licenses
  • disabling power saveing

Basic Troubleshooting

If you notice something wrong, the following command will trigger a group policy update, and may display information about what went wrong. 

   gpupdate
   gpupdate /force
   gpupdate /force /sync

Time desync

If the computer's time is desynchronized from AD: 

   net time /domain /set /y

and try gpupdate again

Garbage in sysvol

I don't know if this actually fixed anything, but try running the following commands as root on the Domain Controller 

   samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix
   samba-tool ntacl sysvolreset
   samba-tool dbcheck --cross-ncs --fix

ACLs break after rsync

If samba-tool ntacls sysvolcheck reveals a problem after every rsync of the sysvol, you may want to copy /var/lib/samba/private/idmap.ldb from the rsync host to the replicated Domain Controller.

Retrieved from "https://ps1.mywikis.wiki/w/index.php?title=Things_that_break_group_policy&oldid=34749"