Group Policy

Revision as of 19:14, 1 July 2020 by Dmulder (talk | contribs) (Initial creation of Group Policy page, including basic configuration instructions)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Introduction

This document describes how to manage winbind clients using Group Policy.

About Group Policy

Group Policy provides centralized management and configuration of operating system, application, and user settings. Policies are delivered to clients by listing them in LDAP, under groupPolicyContainer objects. These objects provide the gPCFileSysPath attribute, which points to policy information stored on the domains SYSVOL share.

Policies are enforced by winbind at a random interval between 90 and 120 seconds. Policies can be manually enforced using the samba-gpupdate --force command.

Configuring Group Policy

Enabling Group Policy in Winbind

To enable Group Policy application in winbind, set the global option apply group policies to yes.

apply group policies = yes

Installing Samba ADMX Templates for the Group Policy Management Console

In order to configure Samba Group Policies, you must first install the ADMX templates provided by Samba.

samba-tool gpo admxload -UAdministrator

The samba-tool gpo admxload command copies the Samba ADMX templates to the <domain>/Policies/PolicyDefinitions directory on the SYSVOL share.