Skip to content

sysvol acl support deny aces (bug #14927)

if an admin applies delegation on GPOs and denies access to cerain trustees, then the next samba-tool ntacl sysvolreset will discard the deny ACEs. Next time MMC opend that GPO it will complain that ther permissions don't match and suggests to fix it, which will also work (till sysvolreset strikes again).


  • Commits have Signed-off-by: with name/author being identical to the commit author
  • (optional) This MR is just one part towards a larger feature.
  • (optional, if backport required) Bugzilla bug filed and BUG: tag added
  • Test suite updated with functionality tests
  • Test suite updated with negative tests
  • Documentation updated
  • CI timeout is 3h or higher (see Settings/CICD/General pipelines/ Timeout)

Reviewer's checklist:

  • There is a test suite reasonably covering new functionality or modifications
  • Function naming, parameters, return values, types, etc., are consistent and according to
  • This feature/change has adequate documentation added
  • No obvious mistakes in the code
Edited by Stefan Metzmacher

Merge request reports