Topic: Windows 10

[lloydh]

My SME server is a home server running as a domain controller, there are 4 Windows PC's in the house all domain members and I have spent a lot of time on in the past 12 months upgrading all of these PC's to Windows 8.1 Pro ready to take advantage of the free upgrade to Windows 10.

In April I joined the Windows Insider program running Windows 10 Pro in a VM on my Centos desktop.      I had many problems, some builds would join the domain while others would not but any that did join would not run the logon script and that problem was still there when in the final release last week.      I spent a lot of time searching on Google but unfortunately there was not a lot of information out there and some of the information I read lead to confusion on my part as Windows is not one of my strong points.

Finally this morning I found a solution and I thought I would share my findings.

Before joining the domain I added the two documented registry entries and joining was never a problem.

To get the logon script to run on the Windows 10 workstation I ran GPEDIT.MSC as Administrator, went to Local Computer Policy -> Administrative templates -> Network -> Networkprovider -> Hardened UNC Paths, enable Hardened UNC Paths and then added the following path.     

\\myservername\netlogon

I then added the following values to that path.

RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0

This may not be the definitive solution but it works for me, does anybody have any thoughts on this.

[stephdl]

Thanks for sharing
I have not too much experiences with window but sme has to work with it. We must find a regedit way to have a workable solution.....maybe like we dit for w7 and w8

http://wiki.contribs.org/Windows_8_Support

[janet]

Lloyd

Would you please provide the source link or website for those registry tweaks.

[georgios]

Hi,
thank you for your answer,

a last Question please: now I have well configured the new SME Server 9 with a Public IP direct (my server is now in a dedicated host in the cloud).


All my client (Thunderbird imap) are now in a different public network (my old server was in the office before), I have so added the public ip network of the office in the Security/Remote network to manage Sme.

Question
from thunderbird : I can download/receive (from TLS/SSL port 993, not 143  ) email but could not send email (Relayed Denied)
 On my old configuration client, I was receiving my emails in port 143 StartSSL

I can see also that I cannot telnet port 143 from my public office network but only 993. I can telnet port 25.

As I read from some post, they say to put 'config setprop qpsmtpd RelayRequiresAuth disabled' is it right?
should I put my Public Office Network somewhere in my configuration?


from Iphone (smartphone: I can receive and send email with no problems.

thank you a lot! 

[lloydh]

Lloyd
Would you please provide the source link or website for those registry tweaks.

Sorry, for some reason I thought they were on contribs.org but they are actually on the Samba Wiki pages here https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains, this is a copy from that page.

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]

"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000

You just need to add those two keys, I have been using them since Windows 7, then on Windows 8 and 8.1 and now on Windows 10 and I have never had any domain problems.

I noticed there is a new "Windows 10" addition to the Wiki article but I haven't seen that problem myself.

[janet]

lloydh

Thanks
I was moreso asking about where you got this login script registry tip from:

To get the logon script to run on the Windows 10 workstation I ran GPEDIT.MSC as Administrator, went to Local Computer Policy -> Administrative templates -> Network -> Networkprovider -> Hardened UNC Paths, enable Hardened UNC Paths and then added the following path.     
    \\myservername\netlogon
I then added the following values to that path.
    RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0
This may not be the definitive solution but it works for me, does anybody have any thoughts on this.

[lloydh]

In all the searching I did I copied the data into a document but I didn't keep the url's and it's taken a bit to find that url again but this is where I got my information from http://www.spinics.net/lists/samba/msg127152.html.

Janet, just to clarify, you referred to this as a registry change, it not in the registry but in Group Policies.

As I have said, all my testing so far has been on Windows 10 Pro in a VM.     I have now upgraded one of my PC's from Windows 8.1 Pro to Windows 10 Pro, because I was doing a clean install I removed the PC from the domain before I started.      When the installation was complete I added the two registry keys and the path in group policies, the PC joined the domain without a problem and the logon script runs when I log in with a domain account so I am satisfied all is working as it should. 

[stephdl]

Please can you write a dedicated page on the wiki to windows 10. You can use the other windows page as templates for your work and ask some help for the wiki editing if needed.

I don't have W10 therefore it is up to you to start the work

Once done we should add in the server ressource something to give easier all regedit and group modifications.

[lloydh]

Steph, I'm sorry but I have to decline your request, I am 70 with severe mental problems following a breakdown 10 years ago, I struggle with technical things now and only do enough to keep our home network running, I make a lot of mistakes and I often have to walk away from things sometimes for weeks at a time which happened a number of times while I was testing Windows 10.

[stephdl]

it's ok Mate, take care of you

[flep]

The registry key is :

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
"\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"

[stephdl]

Thanks for reporting. Is it something that you add alone or with the other register keys that we propose in the server-ressources for w7/8 and xp

[flep]

I add it to have logon script working with an existing pc who has update from win7  to win10.

Further test with a full clean win10 laptop work with both :

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
"\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"

[stephdl]

It worth a big thank you flep  and also for lloydh who initiated the thread

please follow up the bug http://bugs.contribs.org/show_bug.cgi?id=9028 I have no W10 to test with sme

[fhs74]

I migrated to windows 10.

And I saw the need to create user profiles of the following ways:

username.V5

This is for the roaming profils work well.

Would it be possible to take you directly into account when creating users from the server-manager.

Thank a lot.

FHS