From: Douglas Bagnall Date: Thu, 27 Feb 2025 04:45:30 +0000 (+1300) Subject: manpages: samba-tool gpo load X-Git-Tag: tevent-0.17.0~546 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f34e45b4364563a880766c0ad27ac724d30f4a1;p=thirdparty%2Fsamba.git manpages: samba-tool gpo load Signed-off-by: Douglas Bagnall Reviewed-by: Rowland Penny --- diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml index 8929fcedc55..38f895e5b3f 100644 --- a/docs-xml/manpages/samba-tool.8.xml +++ b/docs-xml/manpages/samba-tool.8.xml @@ -2737,6 +2737,91 @@ CSE), and unregisters it for applying policy on the current host. Use the List all linked containers for a GPO. + + + gpo load <replaceable>gpo</replaceable> [options] + +Load policies onto a GPO. + + +Reads json from standard input until EOF, unless a json formatted +file is provided via --content. + + + Example json_input: + +[ + { + "keyname": "Software\Policies\Mozilla\Firefox\Homepage", + "valuename": "StartPage", + "class": "USER", + "type": "REG_SZ", + "data": "homepage" + }, + { + "keyname": "Software\Policies\Mozilla\Firefox\Homepage", + "valuename": "URL", + "class": "USER", + "type": "REG_SZ", + "data": "google.com" + }, + { + "keyname": "Software\Microsoft\Internet Explorer\Toolbar", + "valuename": "IEToolbar", + "class": "USER", + "type": "REG_BINARY", + "data": [0] + }, + { + "keyname": "Software\Policies\Microsoft\InputPersonalization", + "valuename": "RestrictImplicitTextCollection", + "class": "USER", + "type": "REG_DWORD", + "data": 1 + } + ] + + + +Valid class attributes: MACHINE|USER|BOTH +Data arrays are interpreted as bytes. + + +The --machine-ext-name and --user-ext-name options are multi-value inputs +which respectively set the gPCMachineExtensionNames and gPCUserExtensionNames +ldap attributes on the GPO. These attributes must be set to the correct GUID +names for Windows Group Policy to work correctly. These GUIDs represent +the client side extensions to apply on the machine. Linux Group Policy does +not enforce this constraint. +{35378EAC-683F-11D2-A89A-00C04FBBCFA2} is provided by default, which +enables most Registry policies. + + + + + -H H + LDB URL for database or target server + + + --content=CONTENT + JSON file of policy inputs + + + --machine-ext-name=MACHINE_EXTS + A machine extension name to add to gPCMachineExtensionNames + + + --user-ext-name=USER_EXTS + A user extension name to add to gPCUserExtensionNames + + + --replace + Replace the existing Group Policies, rather than merging + + + + + gpo setinheritance <replaceable>container_dn</replaceable> <replaceable>block|inherit</replaceable> [options] Set inheritance flag on a container. @@ -2747,6 +2832,97 @@ CSE), and unregisters it for applying policy on the current host. Use the Add or Update a GPO link to a container. + + gpo remove<replaceable>gpo</replaceable> [options] + Show information for a GPO. +Remove policies from a GPO. + + +Reads json from standard input until EOF, unless a json formatted +file is provided via --content. + + + + +Example json_input: +[ + { + "keyname": "Software\Policies\Mozilla\Firefox\Homepage", + "valuename": "StartPage", + "class": "USER", + }, + { + "keyname": "Software\Policies\Mozilla\Firefox\Homepage", + "valuename": "URL", + "class": "USER", + }, + { + "keyname": "Software\Microsoft\Internet Explorer\Toolbar", + "valuename": "IEToolbar", + "class": "USER" + }, + { + "keyname": "Software\Policies\Microsoft\InputPersonalization", + "valuename": "RestrictImplicitTextCollection", + "class": "USER" + } +] + + +Valid class attributes: MACHINE|USER|BOTH + + + + + -H H + LDB URL for database or target server + + + --content=CONTENT + JSON file of policy inputs + + + --machine-ext-name=MACHINE_EXTS + A machine extension name to remove from gPCMachineExtensionNames + + + --user-ext-name=USER_EXTS + A user extension name to remove from gPCUserExtensionNames + + + --color=always|never|auto + use colour if available (default: auto) + + + + + + gpo restor <replaceable>displayname</replaceable> <replaceable>backup location</replaceable> [options] + +Restore a GPO to a new container. + + + + -H H + LDB URL for database or target server + + + --tmpdir=TMPDIR + Temporary directory for copying policy files + + + --entities=ENTITIES + File defining XML entities to insert into DOCTYPE header + + + --restore-metadata + Keep the old GPT.INI file and associated version number + + + + + + gpo show <replaceable>gpo</replaceable> [options] Show information for a GPO.