git.samba.org / mat / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f1ecdb9)
s4 provision: Remove hard coded ACL for GPO objects
authorMatthieu Patou <mat@matws.net>
Wed, 7 Apr 2010 21:44:22 +0000 (01:44 +0400)
committerJelmer Vernooij <jelmer@samba.org>
Thu, 15 Apr 2010 16:45:40 +0000 (18:45 +0200)
It is no longer needed to hard code ACL for GPO object as we have now code
that calculate ACL from defaultSecurityDescriptor and inheritance correctly.

In fact the resulting ACL returned by this hard coded value is a bit wrong as
some ACE are duplicated.

Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
source4/setup/provision_group_policy.ldif patch | blob | history

diff --git a/source4/setup/provision_group_policy.ldif b/source4/setup/provision_group_policy.ldif
index 05981d8821420e282329130459d6ef4153bb822e..20b162ecb40cc1a24a81d146cd96f4aec51569bc 100644 (file)
--- a/source4/setup/provision_group_policy.ldif
+++ b/source4/setup/provision_group_policy.ldif
@@ -15,7 +15,6 @@ gPCUserExtensionNames: [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-1
  1D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-
  11D1-A7CC-0000F87571E3}]
 isCriticalSystemObject: TRUE
-nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
 systemFlags: -1946157056
 
 dn: CN=User,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
@@ -42,7 +41,6 @@ flags: 0
 gPCMachineExtensionNames: [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4
  FB-11D0-A0D0-00A0C90F574B}]
 isCriticalSystemObject: TRUE
-nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
 systemFlags: -1946157056
 
 dn: CN=User,CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN}
Default public repo for matthieu