From b31f1e6d5bffddf5eb8df940bc4ff19f8bb5a7c4 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Matthias=20Dieter=20Walln=C3=B6fer?= Date: Tue, 30 Jun 2009 13:54:45 +0200 Subject: [PATCH] [SAMBA 4 directory] Corrects the "systemFlags" attributes Set the values like Windows Server 2003 R2. --- source4/setup/provision.ldif | 14 ++++---- source4/setup/provision_computers_modify.ldif | 2 +- source4/setup/provision_configuration.ldif | 10 +++--- source4/setup/provision_group_policy.ldif | 6 +++- source4/setup/provision_rootdse_add.ldif | 1 + source4/setup/provision_users.ldif | 36 +++++++++---------- source4/setup/provision_users_modify.ldif | 2 +- 7 files changed, 39 insertions(+), 32 deletions(-) diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 1afe72f6e2f5..e5b20d03e11d 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -3,7 +3,7 @@ objectClass: top objectClass: organizationalUnit cn: Domain Controllers description: Default container for domain controllers -systemFlags: 2348810240 +systemFlags: -1946157056 isCriticalSystemObject: TRUE showInAdvancedViewOnly: FALSE @@ -12,7 +12,7 @@ objectClass: top objectClass: container cn: ForeignSecurityPrincipals description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains -systemFlags: 2348810240 +systemFlags: -1946157056 isCriticalSystemObject: TRUE showInAdvancedViewOnly: FALSE @@ -21,14 +21,14 @@ objectClass: top objectClass: container cn: System description: Builtin system settings -systemFlags: 2348810240 +systemFlags: -1946157056 isCriticalSystemObject: TRUE dn: CN=RID Manager$,CN=System,${DOMAINDN} objectclass: top objectclass: rIDManager cn: RID Manager$ -systemFlags: 2348810240 +systemFlags: -1946157056 isCriticalSystemObject: TRUE fSMORoleOwner: CN=NTDS Settings,${SERVERDN} rIDAvailablePool: 4611686014132423217 @@ -48,7 +48,7 @@ dn: CN=Infrastructure,${DOMAINDN} objectclass: top objectclass: infrastructureUpdate cn: Infrastructure -systemFlags: 2348810240 +systemFlags: -1946157056 isCriticalSystemObject: TRUE fSMORoleOwner: CN=NTDS Settings,${SERVERDN} @@ -56,7 +56,7 @@ dn: CN=Builtin,${DOMAINDN} objectClass: top objectClass: builtinDomain cn: Builtin -forceLogoff: 9223372036854775808 +forceLogoff: -9223372036854775808 lockoutDuration: -18000000000 lockOutObservationWindow: -18000000000 lockoutThreshold: 0 @@ -73,10 +73,12 @@ uASCompat: 1 modifiedCount: 1 isCriticalSystemObject: TRUE showInAdvancedViewOnly: FALSE +systemFlags: -1946157056 dn: CN=Policies,CN=System,${DOMAINDN} objectClass: top objectClass: container +systemFlags: -1946157056 dn: CN=IP Security,CN=System,${DOMAINDN} objectClass: top diff --git a/source4/setup/provision_computers_modify.ldif b/source4/setup/provision_computers_modify.ldif index 3bb4074d424d..110c44c3564b 100644 --- a/source4/setup/provision_computers_modify.ldif +++ b/source4/setup/provision_computers_modify.ldif @@ -7,7 +7,7 @@ replace: showInAdvancedViewOnly showInAdvancedViewOnly: FALSE - replace: systemFlags -systemFlags: 2348810240 +systemFlags: -1946157056 - replace: isCriticalSystemObject isCriticalSystemObject: TRUE diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif index fff380505f58..e84ac8517eb4 100644 --- a/source4/setup/provision_configuration.ldif +++ b/source4/setup/provision_configuration.ldif @@ -5,7 +5,7 @@ dn: CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRefContainer cn: Partitions -systemFlags: 2147483648 +systemFlags: -2147483648 msDS-Behavior-Version: 0 fSMORoleOwner: CN=NTDS Settings,${SERVERDN} @@ -38,25 +38,25 @@ dn: CN=Sites,${CONFIGDN} objectClass: top objectClass: sitesContainer cn: Sites -systemFlags: 2181038080 +systemFlags: -2113929216 dn: CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: site cn: ${DEFAULTSITE} -systemFlags: 2181038080 +systemFlags: 1107296256 dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: serversContainer cn: Servers -systemFlags: 2181038080 +systemFlags: 33554432 dn: CN=Services,${CONFIGDN} objectClass: top objectClass: container cn: Services -systemFlags: 2147483648 +systemFlags: -2147483648 dn: CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top diff --git a/source4/setup/provision_group_policy.ldif b/source4/setup/provision_group_policy.ldif index 98c09b997e7d..d6a46592508a 100644 --- a/source4/setup/provision_group_policy.ldif +++ b/source4/setup/provision_group_policy.ldif @@ -1,5 +1,6 @@ dn: CN=Default Domain Policy,CN=System,${DOMAINDN} objectClass: top +objectClass: leaf objectClass: domainPolicy isCriticalSystemObject: TRUE @@ -15,7 +16,7 @@ objectClass: groupPolicyContainer displayName: Default Domain Policy gPCFunctionalityVersion: 2 gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID}} -versionNumber: 1 +versionNumber: 65543 flags: 0 gPCMachineExtensionNames: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-248 8-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4 @@ -25,11 +26,14 @@ gPCUserExtensionNames: [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-1 1D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E- 11D1-A7CC-0000F87571E3}] nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) +systemFlags: -1946157056 dn: CN=User,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN} objectClass: top objectClass: container +systemFlags: -1946157056 dn: CN=Machine,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN} objectClass: top objectClass: container +systemFlags: -1946157056 diff --git a/source4/setup/provision_rootdse_add.ldif b/source4/setup/provision_rootdse_add.ldif index a5319f653b2f..e4e4309a90ac 100644 --- a/source4/setup/provision_rootdse_add.ldif +++ b/source4/setup/provision_rootdse_add.ldif @@ -7,6 +7,7 @@ rootDomainNamingContext: ${ROOTDN} configurationNamingContext: ${CONFIGDN} schemaNamingContext: ${SCHEMADN} supportedLDAPVersion: 3 +supportedLDAPVersion: 2 dnsHostName: ${DNSNAME} ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM} serverName: ${SERVERDN} diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index c61cb805c49c..88146d8cac79 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -208,7 +208,7 @@ member: CN=Administrator,CN=Users,${DOMAINDN} objectSid: S-1-5-32-544 adminCount: 1 sAMAccountName: Administrators -systemFlags: 2348810240 +systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE privilege: SeSecurityPrivilege @@ -244,7 +244,7 @@ description: Users are prevented from making accidental or intentional system-wi member: CN=Domain Users,CN=Users,${DOMAINDN} objectSid: S-1-5-32-545 sAMAccountName: Users -systemFlags: 2348810240 +systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE @@ -257,7 +257,7 @@ member: CN=Domain Guests,CN=Users,${DOMAINDN} member: CN=Guest,CN=Users,${DOMAINDN} objectSid: S-1-5-32-546 sAMAccountName: Guests -systemFlags: 2348810240 +systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE @@ -269,7 +269,7 @@ description: Members can administer domain printers objectSid: S-1-5-32-550 adminCount: 1 sAMAccountName: Print Operators -systemFlags: 2348810240 +systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE privilege: SeLoadDriverPrivilege @@ -284,7 +284,7 @@ description: Backup Operators can override security restrictions for the sole pu objectSid: S-1-5-32-551 adminCount: 1 sAMAccountName: Backup Operators -systemFlags: 2348810240 +systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE privilege: SeBackupPrivilege @@ -300,7 +300,7 @@ description: Supports file replication in a domain objectSid: S-1-5-32-552 adminCount: 1 sAMAccountName: Replicator -systemFlags: 2348810240 +systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE @@ -311,7 +311,7 @@ cn: Remote Desktop Users description: Members in this group are granted the right to logon remotely objectSid: S-1-5-32-555 sAMAccountName: Remote Desktop Users -systemFlags: 2348810240 +systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE @@ -322,7 +322,7 @@ cn: Network Configuration Operators description: Members in this group can have some administrative privileges to manage configuration of networking features objectSid: S-1-5-32-556 sAMAccountName: Network Configuration Operators -systemFlags: 2348810240 +systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE @@ -333,7 +333,7 @@ cn: Performance Monitor Users description: Members of this group have remote access to monitor this computer objectSid: S-1-5-32-558 sAMAccountName: Performance Monitor Users -systemFlags: 2348810240 +systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE @@ -344,7 +344,7 @@ cn: Performance Log Users description: Members of this group have remote access to schedule logging of performance counters on this computer objectSid: S-1-5-32-559 sAMAccountName: Performance Log Users -systemFlags: 2348810240 +systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE @@ -356,7 +356,7 @@ description: Members can administer domain servers objectSid: S-1-5-32-549 adminCount: 1 sAMAccountName: Server Operators -systemFlags: 2348810240 +systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE privilege: SeBackupPrivilege @@ -374,7 +374,7 @@ description: Members can administer domain user and group accounts objectSid: S-1-5-32-548 adminCount: 1 sAMAccountName: Account Operators -systemFlags: 2348810240 +systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE privilege: SeInteractiveLogonRight @@ -386,7 +386,7 @@ cn: Pre-Windows 2000 Compatible Access description: A backward compatibility group which allows read access on all users and groups in the domain objectSid: S-1-5-32-554 sAMAccountName: Pre-Windows 2000 Compatible Access -systemFlags: 2348810240 +systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE privilege: SeRemoteInteractiveLogonRight @@ -399,7 +399,7 @@ cn: Incoming Forest Trust Builders description: Members of this group can create incoming, one-way trusts to this forest objectSid: S-1-5-32-557 sAMAccountName: Incoming Forest Trust Builders -systemFlags: 2348810240 +systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE @@ -410,7 +410,7 @@ cn: Windows Authorization Access Group description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects objectSid: S-1-5-32-560 sAMAccountName: Windows Authorization Access Group -systemFlags: 2348810240 +systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE @@ -421,7 +421,7 @@ cn: Terminal Server License Servers description: Terminal Server License Servers objectSid: S-1-5-32-561 sAMAccountName: Terminal Server License Servers -systemFlags: 2348810240 +systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE @@ -432,7 +432,7 @@ cn: Distributed COM Users description: Members are allowed to launch, activate and use Distributed COM objects on this machine. objectSid: S-1-5-32-562 sAMAccountName: Distributed COM Users -systemFlags: 2348810240 +systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE @@ -440,7 +440,7 @@ dn: CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: container cn: WellKnown Security Principals -systemFlags: 2147483648 +systemFlags: -2147483648 dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top diff --git a/source4/setup/provision_users_modify.ldif b/source4/setup/provision_users_modify.ldif index 06954c44f063..a7e8a4336aee 100644 --- a/source4/setup/provision_users_modify.ldif +++ b/source4/setup/provision_users_modify.ldif @@ -7,7 +7,7 @@ replace: showInAdvancedViewOnly showInAdvancedViewOnly: FALSE - replace: systemFlags -systemFlags: 2348810240 +systemFlags: -1946157056 - replace: isCriticalSystemObject isCriticalSystemObject: TRUE -- 2.34.1