Set up group policy

NethServer Version: NethServer release 7.6.1810 (final)
Module: your_module

Dear Community members,

Hope you are doing well, I am new to NethServer, I already set up a domain controller using Nethserver and connect my Laptops to the domain controller. My question is whether I can apply a group policy via Nethserver so that every laptop connected to the domain controller runs only particular software. (restrict users not to install any software on a laptop).

I am very thankful to you.

Kind Regards,
Adnan

there is not any option on the server to define policies for each user. I think so I can logged in via Admin account on one of my laptop and define policies for each user. Am I right or wrong?? If yes then where I can define? Please share your thoughts…

Hi Adnan, welcome to NethServer community!

NethServer has no special handling of AD GPOs. At the moment you can refer to the official Samba DC 4.8 and Microsoft AD documentation about GPOs. In other words: defining a GPO in NethServer should be like doing it with any other AD domain controller implementation.

We planned to expose from the Cockpit UI some old (Samba 3) domain features, like “home drive letter” or “roaming profiles”, by implementing them with GPOs.

If you want to define GPO’s you will have to use RSAT tools on a Windows client. You are bound to restrictions of Samba4. As @davidep already suggested: consult the Samba4.8 docs for that.
Here some useful links:
https://wiki.samba.org/index.php/GSOC_GPO
https://www.tecmint.com/manage-samba4-dns-group-policy-from-windows/

1 Like

Thank you

I am wondering, how can I put gpo like in macosx environnement (we won’t I know… :slight_smile:) the main objectif is to achieve the same result on macosx with gpo, for me the only way maybe is via openldap side with phpmyldap sort of things, but I daubt for the same result synce its Unix side, with a third party software maybe… Toughts… :sweat_smile:

Hummmm I saw this not tested

Well a lit bit expensive… Im searching opensource way

This maybe worth…

BeyondTrust

BEYONDTRUST AD BRIDGE

APT Repository

Quickly and easily bring your Linux and UNIX servers into Your Active Directory deployment.

In order to use the BeyondTrust AD Bridge APT repository you must add the BeyondTrust AD Bridge repository to your system following the instructions below.

BeyondTrust AD Bridge Open Edition

The PBISO APT repository for Debian, Ubuntu, and Mint is here: PBISO APT REPOSITORY

To add the BeyondTrust AD Bridge Open repository to your system, use the following command:

wget -O - http://repo.pbis.beyondtrust.com/apt/RPM-GPG-KEY-pbis|sudo apt-key add -sudo wget -O /etc/apt/sources.list.d/pbiso.list http://repo.pbis.beyondtrust.com/apt/pbiso.listsudo apt-get update

Once your Repository has been added, you can then install the BeyondTrust AD Bridge using the following commands:

sudo apt-get install pbis-open

BeyondTrust AD Bridge Enterprise Edition

The PBISE APT repository for Debian, Ubuntu, and Mint is here: PBISE APT REPOSITORY

To add the BeyondTrust AD Bridge Enterprise repository to your system, use the following command:

wget -O - http://repo.pbis.beyondtrust.com/apt/RPM-GPG-KEY-pbis|sudo apt-key add -sudo wget -O /etc/apt/sources.list.d/pbiso.list http://repo.pbis.beyondtrust.com/apt/pbise.listsudo apt-get update

Once your Repository has been added, you can then install the BeyondTrust AD Bridge using the following commands:

sudo apt-get install pbis-enterprise

1 Like