Group Policy
Introduction
This document describes how to manage winbind clients using Group Policy.
About Group Policy
Group Policy provides centralized management and configuration of operating system, application, and user settings. Policies are delivered to clients by listing them in LDAP, under groupPolicyContainer objects. These objects provide the gPCFileSysPath attribute, which points to policy information stored on the domains SYSVOL share.
Policies are enforced by winbind at a random interval between 90 and 120 seconds. Policies can be manually enforced using the samba-gpupdate --force
command.
Configuring Group Policy
Enabling Group Policy in Winbind
To enable Group Policy application in winbind, set the global option apply group policies to yes.
apply group policies = yes
Installing Samba ADMX Templates for the Group Policy Management Console
In order to configure Samba Group Policies, you must first install the ADMX templates provided by Samba.
samba-tool gpo admxload -UAdministrator
The samba-tool gpo admxload command copies the Samba ADMX templates to the <domain>/Policies/PolicyDefinitions directory on the SYSVOL share.
Setting Samba Group Policy in the Group Policy Management Console
To set Samba Group Policy settings, open the Group Policy Management Console and either create a new Group Policy Object, or edit an existing one.
Creating a Group Policy Object
To create the Group Policy Object, highlight the domain or container where you want the object linked, then open the Action menu and select "Create a GPO in this domain, and Link it here".
Enter the name of the new Group Policy in the dialog that appears, then click ok.
Editing a Group Policy Object
Highlight a policy, and select Edit from the Action menu to open the policy for editing.
Samba policies can be found in User or Computer Configuration > Policies > Administrative Templates > Samba.