New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix some policies content path being exported as capitalized "MACHINE" vs "Machine" for instance #346
Comments
Hey @slapcat, thanks for reporting this bug and help making adsys better. Can you share a little bit more about your Active Directory configuration and version? We haven’t encountered a samba share for Active Directory with all capitals. Do you have anything in the local samba config or on the Active Directory SYSVOL resulting in this? Before making it more flexible, it would be good for us to be able to reproduce this configuration, so that we can create non regression tests based on this. |
Thanks for the quick reply! My Windows Server 2019 is very basic and I only set it up to test ADSys. I followed the white paper on best practices and only have DNS and AD DS running on the server. Below I've added my system information, configuration of all GPOs, and some of my sysvol directory structure. I noticed that some policy folders have the correct title case subfolders (Machine/User) while others do not. Please let me know if you need any other info! sysinfo.txt |
I reproduced the same behavior on a fresh install of 20.04 (focal) using the same AD server. I've also tried manually renaming the folders on the Windows side, purging adsys and reinstalling, then running an update. A different error appears:
|
Ok, let’s separate issues, shall we? This one will be on the case and we’ll fix it once we get time to work back on this project (we have several deploiements and never had that strangely). I’m puzzled on the second issue and I think you should attach the .pol file to a new bug report so that we can analyze (the type 3 is indeed, not supported, but shouldn’t be part of the keys we analyze as we don’t ship any in our namespace. So how does the EFSBlob key is now part of it?) |
A question on the path content itself (on this bug): can you list the whole content (recursively) of |
Sounds good. I think the second issue was just because I was monkeying around with the Windows directory structure, so I'm less concerned about that than the first/primary issues. I've attached a recursive list of the directory as well as the |
I don’t see any MACHINE capitalized in |
Ah, you're right. Sorry, that was grabbed after I made the manual renames. Here is a similar output from 2 days prior showing multiple GPOs with uppercase folder names:
|
Excellent! This is what we needed :) So, GPT.INI is always capitale, only Machine vs MACHINE and User vs USER. I wonder if we do something completely case independent or just support those 2 cases (avoid listing every directories for lowercase string match). This will be easy to fix anyway. |
Glad to hear it! Adding one more detail: I reinstalled the Windows server and noticed that the Default Domain Policy and Default Domain Controllers Policy directories both had UPPERCASE folder names, but as soon as I created a new GPO from scratch, it used TitleCase names. Hope this helps. |
On some default GPOs created by Microsoft such as 'Default Domain Policy', the object class directory names can be uppercase (e.g. MACHINE or USER instead of Machine or User). Currently we only check the capitalized version of the directory (e.g. Machine), silently failing to parse any rules if we can't find a directory that matches this name exactly. To account for this case, check for both capitalized and uppercase directories when parsing GPOs -- first the capitalized variant which is most common, then the uppercase one. If none of the variants are found, continue with the previous behavior of printing a debug message. Fixes #346 / DEENG-314
On some default GPOs created by Microsoft such as 'Default Domain Policy', the object class directory names can be uppercase (e.g. MACHINE or USER instead of Machine or User). Currently we only check the capitalized version of the directory (e.g. Machine), silently failing to parse any rules if we can't find a directory that matches this name exactly. To account for this case, check for both capitalized and uppercase directories when parsing GPOs -- first the capitalized variant which is most common, then the uppercase one. If none of the variants are found, continue with the previous behavior of printing a debug message. Fixes #346 / DEENG-314
On some default GPOs created by Microsoft such as 'Default Domain Policy', the object class directory names can be uppercase (e.g. MACHINE or USER instead of Machine or User). Currently we only check the capitalized version of the directory (e.g. Machine), silently failing to parse any rules if we can't find a directory that matches this name exactly. To account for this case, check for both capitalized and uppercase directories when parsing GPOs -- first the capitalized variant which is most common, then the uppercase one. If none of the variants are found, continue with the previous behavior of printing a debug message. Fixes #346 / DEENG-314
On some default GPOs created by Microsoft such as 'Default Domain Policy', the object class directory names can be uppercase (e.g. MACHINE or USER instead of Machine or User). Currently we only check the capitalized version of the directory (e.g. Machine), silently failing to parse any rules if we can't find a directory that matches this name exactly. To account for this case, check for both capitalized and uppercase directories when parsing GPOs -- first the capitalized variant which is most common, then the uppercase one. If none of the variants are found, continue with the previous behavior of printing a debug message. Fixes #346 / DEENG-303
On some default GPOs created by Microsoft such as 'Default Domain Policy', the object class directory names can be uppercase (e.g. MACHINE or USER instead of Machine or User). Currently we only check the capitalized version of the directory (e.g. Machine), silently failing to parse any rules if we can't find a directory that matches this name exactly. To account for this case, check for both capitalized and uppercase directories when parsing GPOs -- first the capitalized variant which is most common, then the uppercase one. If none of the variants are found, continue with the previous behavior of printing a debug message. Fixes #346 / DEENG-303
Description
Reproduction
Environment
Installed versions
adsysctl 0.8.4
adsysd 0.8.4
Additional context
User running
adsysctl update -vvv
:Admin running
sudo adsysctl update -a -vvv
:sudo ls -lh /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/
:Important errors:
The text was updated successfully, but these errors were encountered: