mirror of
https://github.com/samba-team/samba.git
synced 2025-02-02 09:47:23 +03:00
[SAMBA 4 directory] Corrects the "systemFlags" attributes
Set the values like Windows Server 2003 R2.
This commit is contained in:
Matthias Dieter Wallnöfer
Andrew Bartlett
parent
d4a969530d
commit
b31f1e6d5b
@ -3,7 +3,7 @@ objectClass: top
|
||||
objectClass: organizationalUnit
|
||||
cn: Domain Controllers
|
||||
description: Default container for domain controllers
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
showInAdvancedViewOnly: FALSE
|
||||
|
||||
@ -12,7 +12,7 @@ objectClass: top
|
||||
objectClass: container
|
||||
cn: ForeignSecurityPrincipals
|
||||
description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
showInAdvancedViewOnly: FALSE
|
||||
|
||||
@ -21,14 +21,14 @@ objectClass: top
|
||||
objectClass: container
|
||||
cn: System
|
||||
description: Builtin system settings
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=RID Manager$,CN=System,${DOMAINDN}
|
||||
objectclass: top
|
||||
objectclass: rIDManager
|
||||
cn: RID Manager$
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
|
||||
rIDAvailablePool: 4611686014132423217
|
||||
@ -48,7 +48,7 @@ dn: CN=Infrastructure,${DOMAINDN}
|
||||
objectclass: top
|
||||
objectclass: infrastructureUpdate
|
||||
cn: Infrastructure
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
|
||||
|
||||
@ -56,7 +56,7 @@ dn: CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: builtinDomain
|
||||
cn: Builtin
|
||||
forceLogoff: 9223372036854775808
|
||||
forceLogoff: -9223372036854775808
|
||||
lockoutDuration: -18000000000
|
||||
lockOutObservationWindow: -18000000000
|
||||
lockoutThreshold: 0
|
||||
@ -73,10 +73,12 @@ uASCompat: 1
|
||||
modifiedCount: 1
|
||||
isCriticalSystemObject: TRUE
|
||||
showInAdvancedViewOnly: FALSE
|
||||
systemFlags: -1946157056
|
||||
|
||||
dn: CN=Policies,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
systemFlags: -1946157056
|
||||
|
||||
dn: CN=IP Security,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
|
||||
@ -7,7 +7,7 @@ replace: showInAdvancedViewOnly
|
||||
showInAdvancedViewOnly: FALSE
|
||||
-
|
||||
replace: systemFlags
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
-
|
||||
replace: isCriticalSystemObject
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
@ -5,7 +5,7 @@ dn: CN=Partitions,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: crossRefContainer
|
||||
cn: Partitions
|
||||
systemFlags: 2147483648
|
||||
systemFlags: -2147483648
|
||||
msDS-Behavior-Version: 0
|
||||
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
|
||||
|
||||
@ -38,25 +38,25 @@ dn: CN=Sites,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: sitesContainer
|
||||
cn: Sites
|
||||
systemFlags: 2181038080
|
||||
systemFlags: -2113929216
|
||||
|
||||
dn: CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: site
|
||||
cn: ${DEFAULTSITE}
|
||||
systemFlags: 2181038080
|
||||
systemFlags: 1107296256
|
||||
|
||||
dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: serversContainer
|
||||
cn: Servers
|
||||
systemFlags: 2181038080
|
||||
systemFlags: 33554432
|
||||
|
||||
dn: CN=Services,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
cn: Services
|
||||
systemFlags: 2147483648
|
||||
systemFlags: -2147483648
|
||||
|
||||
dn: CN=Windows NT,CN=Services,${CONFIGDN}
|
||||
objectClass: top
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
dn: CN=Default Domain Policy,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: leaf
|
||||
objectClass: domainPolicy
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
@ -15,7 +16,7 @@ objectClass: groupPolicyContainer
|
||||
displayName: Default Domain Policy
|
||||
gPCFunctionalityVersion: 2
|
||||
gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID}}
|
||||
versionNumber: 1
|
||||
versionNumber: 65543
|
||||
flags: 0
|
||||
gPCMachineExtensionNames: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-248
|
||||
8-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4
|
||||
@ -25,11 +26,14 @@ gPCUserExtensionNames: [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-1
|
||||
1D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-
|
||||
11D1-A7CC-0000F87571E3}]
|
||||
nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
|
||||
systemFlags: -1946157056
|
||||
|
||||
dn: CN=User,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
systemFlags: -1946157056
|
||||
|
||||
dn: CN=Machine,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
systemFlags: -1946157056
|
||||
|
||||
@ -7,6 +7,7 @@ rootDomainNamingContext: ${ROOTDN}
|
||||
configurationNamingContext: ${CONFIGDN}
|
||||
schemaNamingContext: ${SCHEMADN}
|
||||
supportedLDAPVersion: 3
|
||||
supportedLDAPVersion: 2
|
||||
dnsHostName: ${DNSNAME}
|
||||
ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM}
|
||||
serverName: ${SERVERDN}
|
||||
|
||||
@ -208,7 +208,7 @@ member: CN=Administrator,CN=Users,${DOMAINDN}
|
||||
objectSid: S-1-5-32-544
|
||||
adminCount: 1
|
||||
sAMAccountName: Administrators
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
privilege: SeSecurityPrivilege
|
||||
@ -244,7 +244,7 @@ description: Users are prevented from making accidental or intentional system-wi
|
||||
member: CN=Domain Users,CN=Users,${DOMAINDN}
|
||||
objectSid: S-1-5-32-545
|
||||
sAMAccountName: Users
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
@ -257,7 +257,7 @@ member: CN=Domain Guests,CN=Users,${DOMAINDN}
|
||||
member: CN=Guest,CN=Users,${DOMAINDN}
|
||||
objectSid: S-1-5-32-546
|
||||
sAMAccountName: Guests
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
@ -269,7 +269,7 @@ description: Members can administer domain printers
|
||||
objectSid: S-1-5-32-550
|
||||
adminCount: 1
|
||||
sAMAccountName: Print Operators
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
privilege: SeLoadDriverPrivilege
|
||||
@ -284,7 +284,7 @@ description: Backup Operators can override security restrictions for the sole pu
|
||||
objectSid: S-1-5-32-551
|
||||
adminCount: 1
|
||||
sAMAccountName: Backup Operators
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
privilege: SeBackupPrivilege
|
||||
@ -300,7 +300,7 @@ description: Supports file replication in a domain
|
||||
objectSid: S-1-5-32-552
|
||||
adminCount: 1
|
||||
sAMAccountName: Replicator
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
@ -311,7 +311,7 @@ cn: Remote Desktop Users
|
||||
description: Members in this group are granted the right to logon remotely
|
||||
objectSid: S-1-5-32-555
|
||||
sAMAccountName: Remote Desktop Users
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
@ -322,7 +322,7 @@ cn: Network Configuration Operators
|
||||
description: Members in this group can have some administrative privileges to manage configuration of networking features
|
||||
objectSid: S-1-5-32-556
|
||||
sAMAccountName: Network Configuration Operators
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
@ -333,7 +333,7 @@ cn: Performance Monitor Users
|
||||
description: Members of this group have remote access to monitor this computer
|
||||
objectSid: S-1-5-32-558
|
||||
sAMAccountName: Performance Monitor Users
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
@ -344,7 +344,7 @@ cn: Performance Log Users
|
||||
description: Members of this group have remote access to schedule logging of performance counters on this computer
|
||||
objectSid: S-1-5-32-559
|
||||
sAMAccountName: Performance Log Users
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
@ -356,7 +356,7 @@ description: Members can administer domain servers
|
||||
objectSid: S-1-5-32-549
|
||||
adminCount: 1
|
||||
sAMAccountName: Server Operators
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
privilege: SeBackupPrivilege
|
||||
@ -374,7 +374,7 @@ description: Members can administer domain user and group accounts
|
||||
objectSid: S-1-5-32-548
|
||||
adminCount: 1
|
||||
sAMAccountName: Account Operators
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
privilege: SeInteractiveLogonRight
|
||||
@ -386,7 +386,7 @@ cn: Pre-Windows 2000 Compatible Access
|
||||
description: A backward compatibility group which allows read access on all users and groups in the domain
|
||||
objectSid: S-1-5-32-554
|
||||
sAMAccountName: Pre-Windows 2000 Compatible Access
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
privilege: SeRemoteInteractiveLogonRight
|
||||
@ -399,7 +399,7 @@ cn: Incoming Forest Trust Builders
|
||||
description: Members of this group can create incoming, one-way trusts to this forest
|
||||
objectSid: S-1-5-32-557
|
||||
sAMAccountName: Incoming Forest Trust Builders
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
@ -410,7 +410,7 @@ cn: Windows Authorization Access Group
|
||||
description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
|
||||
objectSid: S-1-5-32-560
|
||||
sAMAccountName: Windows Authorization Access Group
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
@ -421,7 +421,7 @@ cn: Terminal Server License Servers
|
||||
description: Terminal Server License Servers
|
||||
objectSid: S-1-5-32-561
|
||||
sAMAccountName: Terminal Server License Servers
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
@ -432,7 +432,7 @@ cn: Distributed COM Users
|
||||
description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
|
||||
objectSid: S-1-5-32-562
|
||||
sAMAccountName: Distributed COM Users
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
@ -440,7 +440,7 @@ dn: CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
cn: WellKnown Security Principals
|
||||
systemFlags: 2147483648
|
||||
systemFlags: -2147483648
|
||||
|
||||
dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
|
||||
@ -7,7 +7,7 @@ replace: showInAdvancedViewOnly
|
||||
showInAdvancedViewOnly: FALSE
|
||||
-
|
||||
replace: systemFlags
|
||||
systemFlags: 2348810240
|
||||
systemFlags: -1946157056
|
||||
-
|
||||
replace: isCriticalSystemObject
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user