Good day Matthieu. Please note that my colleague Sebastian is out of the office 
for the next few days. In the interim, I will be your contact. Thanks in 
advance for your patience!

I have reviewed the case, and want to make sure I address any open questions. 
My current read indicates we haven't answered the below question. Could you 
confirm this is the case, and advise me of any other open questions you have?

And last but not least question, it seems that GPMC wants to have OI and CI 
flags on every ACL entry; is it due to the presence of the 
"SDDL_AUTO_INHERITED" control in the SDDL?

Thanks in advance!

Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
Email:  bil...@microsoft.com
Tel:    +1(980) 776-8200
Cell:   +1(704) 661-5438
Fax:    +1(704) 665-9606

From: Matthieu Patou [mailto:mat+informatique.sa...@matws.net] 
Sent: Tuesday, December 22, 2009 3:56 PM
To: Hongwei Sun
Cc: Sebastian Canevari; cifs-proto...@samba.org; p...@tridgell.net
Subject: Re: FW: [cifs-protocol] Group Policy questions

On 23/12/2009 00:47, Hongwei Sun wrote:
> Matthieu,
>
>     Your summary is a good recap of what we have done on this topic.   I have 
> one clarification for the point below.
>
>          * All ACEs for allowed object are wiped out when 
> "translating" AD ACL to File ACL
>
>         When translating an ACL for DS object to an ACL for SYSVOL file object, 
>  the ACEs with types of  ACCESS_ALLOWED_OBJECT_ACE_TYPE, 
> ACCESS_DENIED_OBJECT_ACE_TYPE and SYSTEM_AUDIT_OBJECT_ACE_TYPE are not really 
> deleted from the ACL.  Instead, for such an ACE, access mask in AceHeader is 
> assigned to zero.
>    
Yeah I meant that when "translating" an AD ACL to a file ACL we do not care 
about it, for all those ACCESS_ALLOWED_OBJECT_ACE_TYPE in the AD no 
corresponding ACE is created.


>     Sebastian will follow up with you on your question regarding documenting 
> the logic for ACE OI and CI flags.
>
> Thanks!
>
> Hongwei
>
_______________________________________________
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
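
The following is an added example, not part of the thread and not Microsoft's or Samba's code. It applies the behaviour Hongwei describes (object ACEs are kept but their access mask becomes zero) to a constructed SDDL string and lists the ACEs that lack the OI and CI flags raised in the open question. The function names, the sample descriptor, its GUID and the "0x0" rendering of a zero mask are assumptions; non-object ACEs are left unchanged because the thread does not give their rights mapping.

```python
import re

# SDDL ACE type strings for the three object ACE types named in the thread:
# ACCESS_ALLOWED_OBJECT (OA), ACCESS_DENIED_OBJECT (OD), SYSTEM_AUDIT_OBJECT (OU).
OBJECT_ACE_TYPES = {"OA", "OD", "OU"}
ACE_RE = re.compile(r"\(([^()]*)\)")
FIELDS = ("type", "flags", "rights", "object_guid", "inherit_guid", "sid")


def parse_aces(sddl):
    """Split the ACE strings of an SDDL descriptor into dicts of six fields."""
    aces = []
    for body in ACE_RE.findall(sddl):
        parts = body.split(";")
        if len(parts) != len(FIELDS):
            raise ValueError("unsupported ACE string: (%s)" % body)
        ace = dict(zip(FIELDS, parts))
        # ACE flags are concatenated two-letter codes, e.g. "OICIID".
        ace["flags"] = re.findall("..", ace["flags"])
        aces.append(ace)
    return aces


def zero_object_ace_masks(aces):
    """Keep every ACE, but give object ACEs an access mask of zero."""
    out = []
    for ace in aces:
        ace = dict(ace)  # copy so the parsed input is not modified
        if ace["type"] in OBJECT_ACE_TYPES:
            ace["rights"] = "0x0"  # assumed rendering of a zero mask
        out.append(ace)
    return out


def missing_oi_ci(aces):
    """Return the ACEs that do not carry both the OI and CI flags."""
    return [a for a in aces if not {"OI", "CI"} <= set(a["flags"])]


# Constructed sample: DS-style DACL with the AI (SDDL_AUTO_INHERITED) control.
SAMPLE = ("O:DAG:DAD:PAI"
          "(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;DA)"
          "(OA;CI;CR;00000000-0000-0000-0000-000000000001;;AU)"  # constructed GUID
          "(A;OICI;LCRPLORC;;;AU)")

if __name__ == "__main__":
    translated = zero_object_ace_masks(parse_aces(SAMPLE))
    for ace in translated:
        print(ace["type"], "".join(ace["flags"]), ace["rights"], ace["sid"])
    print("lacking OI+CI:", [(a["type"], a["sid"]) for a in missing_oi_ci(translated)])
```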
