y6hpSSKrSSKrSSKJr SSKrSSKrSSKJs J r SSK r SSK r SSK Jr SSKJrJrJrJr SSKJr SSKJr SSKJr SSKJrJr SSKJr SSKrSSK rSS K JrJ r J!r! SS K"J#r# SS KJ$r$ SS K%J&r' SS KJ(r( SSK)r)SSK*J+r+ SSKJ,r, SSK-J.r. SSK/J0r0J1r1J2r2 SSK3J4r4 SSK5J6r6J7r7J8r8J9r9 SSK:J;r; SSKJ?r? SSKJ@r@ SSK"JArA SSKBJCrCJDrD SSKEJFrF SSKGJHrHJIrI SSKJJKrKJLrL SSKMrMSSKNrNSSKOJPrP SSKQJRrRJSrSJTrTJUrUJVrV SSKWJXrXJYrYJZrZ SS K[J\r\ SS!K]J^r^ SS"K_J`r`JaraJbrb S#rcS$rdS%reS&rfSS'jrgSSS\R\R-\R-\R-4S(jrlS)rmS*rnS+ro\R4S,jrqS-rr\'R\'R-\'R-\'R-rwS.rxSS/jry"S0S1\5rz"S2S3\z5r{"S4S5\z5r|"S6S7\z5r}"S8S9\z5r~"S:S;\z5r"S<S=\z5r"S>S?\z5r"S@SA\z5r"SBSC\z5r"SDSE\z5r"SFSG\z5r"SHSI\z5r"SJSK\z5r"SLSM\z5r"SNSO\5r"SPSQ\z5r"SRSS\z5r"STSU\5r"SVSW\z5r"SXSY\5r"SZS[\z5r"S\S]\5r"S^S_\z5r"S`Sa\5r"SbSc\5r"SdSe\5r"SfSg\z5r"ShSi\5r"SjSk\5r"SlSm\z5r"SnSo\z5r"SpSq\5r"SrSs\5r"StSu\z5r"SvSw\z5r"SxSy\5r"SzS{\5r"S|S}\z5r"S~S\5r"SS\5r"SS\z5r"SS\z5r"SS\5r"SS\5r"SS\5r"SS\z5r"SS\5r"SS\5r"SS\z5r"SS\5r"SS\5r"SS\z5r"SS\z5r"SS\5r"SS\5r"SS\5r"SS\5r"SS\5r"SS\5r"SS\5rg)N)system_session)Command CommandErrorOption SuperCommand)SamDB)dsdb)security) ndr_unpackndr_pack)preg) AUTH_SESSION_INFO_DEFAULT_GROUPSAUTH_SESSION_INFO_AUTHENTICATED#AUTH_SESSION_INFO_SIMPLE_PRIVILEGES) netcmd_finddc)policy)libsmb_samba_internal) NTSTATUSError) dsacl2fsacl)nbt)Net)GPParserGPNoParserExceptionGPGeneralizeException) GPPolParser) GPIniParser GPTIniParserGPFDeploy1IniParserGPScriptsIniParser)GPAuditCsvParser)GptTmplInfParser) GPAasParser)param) attr_default) get_bytes get_string) ConfigParser)StringIOBytesIO) calc_modestat_from_mode) str_regtype)NT_STATUS_OBJECT_NAME_INVALIDNT_STATUS_OBJECT_NAME_NOT_FOUNDNT_STATUS_OBJECT_PATH_NOT_FOUNDNT_STATUS_OBJECT_NAME_COLLISIONNT_STATUS_ACCESS_DENIED)create_directory_hiersmb_connection get_gpo_dn)RegistryGroupPolicies) REG_MULTI_SZ)register_gp_extensionlist_gp_extensionsunregister_gp_extensioncj[R"U5nU(dSnU$SRU5nU$)zreturn gpo flags stringNONE )r get_gpo_flagsjoin)valueflagsrets 2/usr/lib/python3/dist-packages/samba/netcmd/gpo.pygpo_flags_stringrC[s5   'E  Jhhuo Jcj[R"U5nU(dSnU$SRU5nU$)zreturn gplink options stringr;r<)rget_gplink_optionsr>)r?optionsrAs rBgplink_options_stringrHes6''.G  Jhhw JrDcV/nUR5S:XaU$URS5nUHynU(dM URS5n[U5S:wdUSRS5(d[ SU-5eUR USSS [ US 5S .5 M{ U$) z.parse a gPLink into an array of dn and options];rz[LDAP://zBadly formed gPLink '%s'NdnrG)stripsplitlen startswith RuntimeErrorappendint)gplinkrAagds rB parse_gplinkr]os C ||~  SA   GGCL q6Q;adooj999A=> > !A$qr(s1Q4y9:  JrDc6SRSU55nU$)z4Encode an array of dn and options into gPLink stringrJc3<# UHnSUSUS4-v M g7f)z[LDAP://%s;%d]rQrGN).0r[s rB encode_gplink..s#Mf"agq|%<)gplistrAs rB encode_gplinkres ''MfM MC JrDcpUcUc [X5nSU-nU$![an[SU5eSnAff=f)zfIf URL is not specified, return URL for writable DC. If dc is provided, use that to construct ldap URLNzCould not find a DC for domainldap://)r ExceptionrV)lpcredsurldces rBdc_urlrnsP { : H"2-"n J H"#CQGG Hs  5 05cUR5nUR[R"US55 UnSn[RnUbS[R "U5-nUbS[R "U5-nUbUn[R nURXhU/SQSU-/S9n U $![an UbS U-n OS n [X5eSn A ff=f) z0Get GPO information using gpo, displayname or dnzCN=Policies,CN=Systemz"(objectClass=groupPolicyContainer)Nz.(&(objectClass=groupPolicyContainer)(name=%s))z5(&(objectClass=groupPolicyContainer)(displayname=%s)))nTSecurityDescriptor versionNumberr@name displayNamegPCFileSysPathgPCMachineExtensionNamesgPCUserExtensionNames sd_flags:1:%d)basescope expressionattrscontrolsz!Cannot get information for GPO %szCannot get information for GPOs) get_default_basedn add_childldbDnSCOPE_ONELEVEL binary_encode SCOPE_BASEsearchrhr) samdbgpo displaynamerQsd_flags policies_dnbase_dn search_expr search_scopemsgrmmesgs rB get_gpo_infors**,K#&&(?@AG6K%%L FIZIZ[^I__ MPSPaPabmPnn  ~~~ $ll&1";&5x%?$@ B$ J $ ?6BBCs/$EE: E7#E22E7: F FFc/nURS5(aUSSRSS5nO+URS5(aUSSRSS5n[U5S:wa[SU-5eU$) z;Parse UNC string into a hostname, a service, and a filepath\\rMN\z///zInvalid UNC string: %s)rUrSrT ValueError)unctmps rB parse_uncrsr C ~~f!"gmmD!$   !"gmmC# 3x1}1C788 JrDc[R"SXS9(a [5$[R"SXS9(a [5$[R"SXS9(a [ 5$[R"SXS9(a [ 5$[R"SXS9(a [ 5$[R"SXS9(a [ 5$[R"SXS9(a [5$[R"S XS9(a [5$[R"S XS9(a [5$[R"S XS9(a [5$[5$) Nzfdeploy1\.ini$r@z audit\.csv$z GptTmpl\.inf$z GPT\.INI$z scripts\.ini$zpsscripts\.ini$z GPE\.INI$z.*\.ini$z.*\.pol$z.*\.aas$) rematchrr r!rrrrrr")rrr@s rB find_parserrs xx!45"$$ xx2!! xx $4!! xx d0~ xx $4!## xx"D6!## xx d0 z xx T/} xx T/} xx T/} :rDcFSn[RRU5(d[R"U5 U/nU/nU(GaFUR 5nUR 5nUR U[ S9nURSS9 UHn US-U S-n [RRXyS5n U S[R-(a:URU 5 URU 5 [R"U 5 MURU 5n [X-S5n U RU 5 SSS5 [U S5nUR!U 5 UR#U S -5 M U(aGMEgg!,(df  NQ=f) N .SAMBABACKUPattribsc US$Nrrr`xs rB2backup_directory_remote_to_local..+AfIrDkeyrrrattribwb.xml)ospathisdirmkdirpoplist attr_flagssortr>libsmbFILE_ATTRIBUTE_DIRECTORYrWloadfileopenwriterparse write_xml)conn remotedirlocaldirSUFFIXr_dirsl_dirsr_dirl_dirdirlistrmr_namel_namedatafparsers rB backup_directory_remote_to_localr s@ F 77== " " ]F\F   ))E:)6 - .AT\AfI-FWW\\%63F{V<<< f% f% }}V,&/40AGGDM1%QvY/ T"  &1 & 10s 5F F c[RRU5(d[R"U5 U/nU/nU(GaUR 5nUR 5nUR U[ S9nURSS9 UHnUS-US-n [RRXhS5n US[R-(a:URU 5 URU 5 [R"U 5 MURU 5n [U S5RU 5 M U(aGMgg)Nrc US$rr`rs rBr0copy_directory_remote_to_local..NrrDrrrrrr)rrrrrrrrr>rrrWrrr) rrrrrrrrrmrrrs rBcopy_directory_remote_to_localrDs 77== " " [FZF   ))E:)6 - .AT\AfI-FWW\\%63F{V<<< f% f% }}V,VT"((. &rDcURU5(dURU5 U/nU/nU(Ga!UR5nUR5n[R"U5n U R 5 U Hn [R RXz5n US-U -n [R RU 5(a6URU 5 URU 5 URU 5 MU(aURU 5 M[U S5R5n URX5 M U(aGM gg![a U(deMf=f![a N`f=f)Nrrb)chkpathrrrlistdirrrr>rrWrrrreadsavefile)rrrignore_existing_dirkeep_existing_filesrrrrrrmrrrs rBcopy_directory_local_to_remoter\s5 << " " 9ZF[F   **U# AWW\\%+FT\A%Fww}}V$$ f% f%JJv& ' f- FD)..0 f++ &%./)s$/E E1E.-E.1 E>=E>c \rSrSrSrSrSrg) GPOCommandicUc,[R"5n[SU-URS9 [R R U5(d[SU-5e[R RUS5n[R R U5(d[R"U5 [R RX25n[R R U5(a[SU-5e[R"U5 X4$![[4an[SU5eSnAff=f)aEnsure that the temporary directory structure used in fetch, backup, create, and restore is consistent. If --tmpdir is used the named directory must be present, which may contain a 'policy' subdirectory, but 'policy' must not itself have a subdirectory with the gpo name. The policy and gpo directories will be created. If --tmpdir is not used, a temporary directory is securely created. Nz5Using temporary directory %s (use --tmpdir to change))filez'Temporary directory '%s' does not existrz8GPO directory '%s' already exists, refusing to overwritez%Error creating teporary GPO directory) tempfilemkdtempprintoutfrrrrr>rIOErrorOSError)selftmpdirrrgpodirrms rBconstruct_tmpdirGPOCommand.construct_tmpdirs >%%'F IFRyy "ww}}V$$H6QR R77<<1ww}}X&& HHX h, 77== JVSU U K HHV ~! KFJ J KsD''E7 EEc[UR[5URURS9Ulg![ an[SUR-U5eSnAff=f)z$make a ldap connection to the serverrk session_info credentialsrizLDAP connection to %s failed N)rrkrrjrirrhr)rrms rB samdb_connectGPOCommand.samdb_connectsY N488,:,<+/::$''CDJ N>I1M M Ns7: A"AA")rN)__name__ __module__ __qualname____firstlineno__rr__static_attributes__r`rDrBrrs!FNrDrc \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r SS jrS rg ) cmd_listallizList all GPOs.%prog [options] sambaopts versionoptscredopts-H--URL%LDB URL for database or target serverURLHhelptypemetavardestNc @UR5UlURURSS9Ul[ URURU5UlUR 5 [URS5nUGHnURRSUSS-5 URRSUSS-5 URRSUS S-5 URRS UR-5 URRS [US S 5-5 URRS[[[USS555-5 URRS5 GM g)NTfallback_machineGPO : %s rrrdisplay name : %s rspath : %s rtdn : %s version : %s rq0flags : %s r@ ) get_loadparmriget_credentialsrjrnrkrrrrrrQr$rCrX)rrrrrrrs rBruncmd_listall.runsA((*--dgg-M $''4::q1 4::t,A IIOO1AfIaL@ A IIOO1Am4DQ4GG H IIOO1A6F4G4JJ K IIOO1ADD8 9 IIOO1LOUX4YY Z IIOO14DSVWY`bcIdEe4ff g IIOOD !rDrjrirkNNNNrrrr__doc__synopsisrG SambaOptionsVersionOptionsCredentialsOptionstakes_optiongroupsrr takes_optionsr(r r`rDrBr r sT H))--.. tW#JQT3 (M "rDr c \rSrSrSrSrS/r\R\R\RS.r \ "SSS\ S S S 9/rSS jrSrg )cmd_listizList GPOs for an account.z&%prog [options] accountnamer rrrrrrNc> UR5UlURURSS9Ul[ URURU5UlUR 5 URRS[R"U5<S[R"U5<S3S9nUSRnURRU[RS /S 9SnS US ;n[[ -n UR b)UR R#S 5(a U [$-n [&R(R+URURUU S9n U R,n /n Sn [R."UR[1U55R35nURRU[RSS/S 9SnSU;Ga[5[1USS55nUGHnU (dUS[6R8-(dM(US[6R:-(aME[<R>[<R@-[<RB-nURRUS[R/SQSU-/S9nUSSSn[E[<RFU5n[&R<RMUU [<RN[<RP-[<RR-5 [W[YUSSS55nU(aU[6RZ-(aGM]U(dU[6R\-(aGMU R_USSSUSSS45 GM [W[YUSS55nU[6R`-(aSn XRRc5:XaOUR35nGM[U(aS nOSnURHRKSU<SU<S 35 U H-nURHRKS!US<SUS"<S 35 M/ g![a [SU-5ef=f![a [S U-5ef=f![a& URHRKSUS-5 GMf=f![Ta- URHRKSUR-5 GMf=f)#NTrz(&(|(samAccountName=z)(samAccountName=z$))(objectClass=User)))rzrzFailed to find account %s objectClass)rxryr{computerz!Failed to find objectClass for %sldap)lp_ctxrQsession_info_flagsr gPOptionsrGrQ)rrrsr@rprw)rxryr{r|rpz8Failed to fetch gpo object with nTSecurityDescriptor %s zFailed access check on %s r@rsrrFuserz GPOs for r<r%z rO)2r&rir'rjrnrkrrrrrrQrhrrrrrUrsambaauth user_sessionsecurity_tokenrrparentr]r GPLINK_OPT_ENFORCEGPLINK_OPT_DISABLEr SECINFO_OWNER SECINFO_GROUP SECINFO_DACLr descriptorrr access_checkSEC_STD_READ_CONTROL SEC_ADS_LISTSEC_ADS_READ_PROPrVrXr$GPO_FLAG_MACHINE_DISABLEGPO_FLAG_USER_DISABLErWGPO_BLOCK_INHERITANCEr})rr6rrrrruser_dn is_computerr<sessiontokengposinheritrQglistr[rgmsg secdesc_ndrsecdescr@ gpoptionsmsg_strs rBr( cmd_list.runs|((*--dgg-M $''4::q1  J**##%(%6%6{%CSEVEVWbEc0e#fC!fiiG  R**##}o#^_`aC$M(::K?=> 88 DHH$7$7$?$? "E E **))$**TWW=O*Q&& VVDJJG - 4 4 6**##3>>(T_I`#abcdC3$SXq)9%:;A"AiL4;R;R,R |d&=&==  !$,$:$:$,$:$:%;$,$9$9%: $zz00agS^^8P;JX;U:V 1 X'+1g.D&Ea&H ",X-@-@+"N !33GU4<4Q4Q4<4I4I5J4<4N4N5OP T!Wgq ABE"0M0M(M &ED4N4N,N KKa!7!:DGFOAI4555ZZ2244Bcf  GG g{CDA IIOOQqT1Q48 9g J:[HI I J RB[PQ Q RN%! (c()$)01 !(! (E(NO !s?,AQ:5RB R2AS%:RR/2+S"!S"%2TTr*r+)rrrrr-r. takes_argsrGr/r0r1r2rrr3r(r r`rDrBr5r5sY#7HJ))--.. tW#JS 2M a:rDr5c\rSrSrSrSr\R\R\RS.r S/r \ "SS\ S9/rS S jrS rg ) cmd_showiIzShow information for a GPO.%prog [options]r rrrrrNc  UR5UlURURSS9UlU(a"UR S5(a USSnX lOD[ URUR5n[URURUS9UlUR5 [URU5SnUSSn[[RU5n U R!5n UR"R%S US S-5 UR"R%S US S-5 UR"R%SUSS-5 SU;a$UR"R%SUSS-5 SU;a$UR"R%SUSS-5 UR"R%SUR&-5 UR"R%S[)USS5-5 UR"R%S[+[-[)USS555-5 UR"R%SU -5 [/USURURS9n URR1S5n SR3U R55SUS /5n /nS!GH%n[8U R;X-55nURHHnURJS#:XaM0nURLUS$'URJUS%'UUS&'[OURP5US''URRUS('[QUS(5[T:Xa]URP[V:Xa8US(RYS)5nUR[S*5R]S*5US('O[_US(5US('URaU5 M GM( UR"R%S+5 [bRd"XR"S,S-9 UR"R%S.5 g![a [SU-5ef=f![a S n GNwf=f![<aQnUR>S[@[B[D4;aSnAGMUR>S[F:Xa [S"5eeSnAff=f)/NTrrgrlrGPO '%s' does not existrpzrrrrrsr rtruzMachine Exts : %s rvzUser Exts : %s r!r"rqr#r$r@zACL : %s sysvolrirjrealmrPoliciesz%s\Registry.pol)MACHINEUSER:The authenticated user does not have sufficient privilegesz **delvals.keyname valuenameclassrrz utf-16-lezPolicies : )indentr%)3r&rir'rjrUrkrrnrrrrhrr r rIas_sddlrrrQr$rCrXr3getr>rr rrrargsr-r.r/r1entriesrornr,rrbytesr6decoderstriprSrrWjsondump)rrrrrr dc_hostnamerrYrZ secdesc_sddlrripol_file policy_defs policy_classpol_datarmentrydefsrs rBr( cmd_show.runZs6((*--dgg-M  i((AB%KH'? -M0B10EEF -4D0Ea0HHI % , IIOO1C8R4STU4VV W "c ) IIOO1C8O4PQR4SS T -67 - S/SV0WWX -0@\RUW^`aEbAc0dde - <=k&!%$(JJ0  G$99ekkmZ 245 /L %dii&*mmH4K&LN"))??l2"'--Y$)OO[! ,W *5::6V $zzV V %.zz\1#F|22;?'+{{6':'@'@'HV '+DL'9V ""4(!*0> *+ +yy3 C @83>? ? @ &%L &:! 66!9!>!@!@!BB66!9 77&(HII s<3Q 2Q'+Q: Q$' Q76Q7: S"S-#SSr*r+rrrrr-r.rGr/r0r1r2r^rrr3r(r r`rDrBr`r`IsT%&H))--.. J tALMRrDr`c \rSrSrSrSr\R\R\RS.r S/r \ "SS\ S9\ "S S \ S9\ "S S S S/SS9\ "SS SS/SS9\ "SSSSS9/rSSjrSrg)cmd_loadiaLoad policies onto a GPO. Reads json from standard input until EOF, unless a json formatted file is provided via --content. Example json_input: [ { "keyname": "Software\Policies\Mozilla\Firefox\Homepage", "valuename": "StartPage", "class": "USER", "type": "REG_SZ", "data": "homepage" }, { "keyname": "Software\Policies\Mozilla\Firefox\Homepage", "valuename": "URL", "class": "USER", "type": "REG_SZ", "data": "google.com" }, { "keyname": "Software\Microsoft\Internet Explorer\Toolbar", "valuename": "IEToolbar", "class": "USER", "type": "REG_BINARY", "data": [0] }, { "keyname": "Software\Policies\Microsoft\InputPersonalization", "valuename": "RestrictImplicitTextCollection", "class": "USER", "type": "REG_DWORD", "data": 1 } ] Valid class attributes: MACHINE|USER|BOTH Data arrays are interpreted as bytes. The --machine-ext-name and --user-ext-name options are multi-value inputs which respectively set the gPCMachineExtensionNames and gPCUserExtensionNames ldap attributes on the GPO. These attributes must be set to the correct GUID names for Windows Group Policy to work correctly. These GUIDs represent the client side extensions to apply on the machine. Linux Group Policy does not enforce this constraint. {35378EAC-683F-11D2-A89A-00C04FBBCFA2} is provided by default, which enables most Registry policies. rar rrrrb --contentJSON file of policy inputs--machine-ext-namerW machine_exts&{35378EAC-683F-11D2-A89A-00C04FBBCFA2}z;A machine extension name to add to gPCMachineExtensionNames)actionrdefaultr--user-ext-name user_extsz5A user extension name to add to gPCUserExtensionNamesz --replace store_trueFz8Replace the existing Group Policies, rather than mergingrrrNc UcS/nUcS/nUc3[R"[RR 55n O[[ R RU5(a,[US5n [R"U 5n SSS5 O [S5eUR5Ul URURSS9Ul[URURU5UlUR#5 [%XRURUR&U5n UHn U R)U S5 M UHn U R)U S5 M U(aU R+W 5 gU R-W 5 g!,(df  GN=f![.a(nUR0S[2:Xa [S 5eeSnAff=f) Nrr$The JSON content file does not existTrrurvrrm)r{loadssysstdinrrrexistsrloadrr&rir'rjrnrkrr5rregister_extension_name replace_smerge_srrvr1)rrrcontentrrreplacerrrrrregext_namerms rBr( cmd_load.runs  DEL  ABI ?**SYY^^%56K WW^^G $ $gt$"iil %$EF F((*--dgg-M $''4::q1 #C$**djj!L$H  ' '2L M%!H  ' '2I J"  k* K(%%$& vvay33"$DEE  s*3F+F(F( F%( G2#GGr*)NNNNFNNNrr`rDrBrrs0d'H))--.. J tAL{!=CH#.=>N P  +=>H J {<N P M(,FJ#rDrc \rSrSrSrSr\R\R\RS.r S/r \ "SS\ S9\ "S S \ S9\ "S S /S SS9\ "SS /SSS9/rSSjrSrg) cmd_removei!aRemove policies from a GPO. Reads json from standard input until EOF, unless a json formatted file is provided via --content. Example json_input: [ { "keyname": "Software\Policies\Mozilla\Firefox\Homepage", "valuename": "StartPage", "class": "USER", }, { "keyname": "Software\Policies\Mozilla\Firefox\Homepage", "valuename": "URL", "class": "USER", }, { "keyname": "Software\Microsoft\Internet Explorer\Toolbar", "valuename": "IEToolbar", "class": "USER" }, { "keyname": "Software\Policies\Microsoft\InputPersonalization", "valuename": "RestrictImplicitTextCollection", "class": "USER" } ] Valid class attributes: MACHINE|USER|BOTH rar rrrrbrrrrWrz@A machine extension name to remove from gPCMachineExtensionNames)rrrrrrz:A user extension name to remove from gPCUserExtensionNamesNc Uc/nUc/nUc3[R"[RR 55n O[[ R RU5(a,[US5n [R"U 5n SSS5 O [S5eUR5Ul URURSS9Ul[URURU5UlUR#5 [%XRURUR&U5n UHn U R)U S5 M UHn U R)U S5 M U R+W 5 g!,(df  N=f![,a(n U R.S[0:Xa [S5eeSn A ff=f) NrrTrrurvrrm)r{rrrrrrrrrrr&rir'rjrnrkrr5runregister_extension_nameremove_srrvr1)rrrrrrrrrrrrrrms rBr(cmd_remove.runWso  L  I ?**SYY^^%56K WW^^G $ $gt$"iil %$EF F((*--dgg-M $''4::q1 #C$**djj!L$H  ) )(4N O%!H  ) )(4K L"  LL %%$  vvay33"$DEE  s$1E;)F ; F  F>#F99F>r*NNNNNNNrr`rDrBrr!s@'H))--.. J tAL{!=CH#RnS U  RkM O MKO7;rDrc\rSrSrSrSr\R\R\RS.r S/r \ "SS\ S9/rS S jrS rg ) cmd_getlinkixzList GPO Links for a container.%prog [options]r rrrrbNcUR5UlURURSS9Ul[ URURU5UlUR 5 URRU[RSS/S9SnSU;aUS(aURRSU-5 [[!USS55nUHn[#URUS S 9nURRS USS S-5 URRS USSS-5 URRS[%US5-5 URRS5 M gURRSU-5 g![a [SU-5ef=f)NTrrrrrrzGPO(s) linked to DN %s rQ)rQz GPO : %s rrz Name : %s rsz Options : %s rGr%zNo GPO(s) linked to DN=%s )r&rir'rjrnrkrrrrrrhrrrr]rrrH) rrrrrrrrdr[s rBr(cmd_getlink.runs((*--dgg-M $''4::q1  O**##S^^/@+3*$6679C s?s8} IIOO6E F!#c(mA&6"78F"4::!D':  4s1vf~a7H HI  4s1vm7LQ7O OP  47LQy\7Z Z[ %  IIOO9LH I O>MN N Os ,.F55Gr*r+rr`rDrBrrxs_)/H))--.. !!J tALMBFJrDrc \rSrSrSrSr\R\R\RS.r SS/r \ "SS\ S 9\ "S S S S SS9\ "SSS S SS9/rSSjrSrg) cmd_setlinkiz(Add or update a GPO link to a container.$%prog [options]r rrrrrbz --disabledisabledFrzDisable policyrrrrz --enforceenforcedzEnforce policyNc UR5UlURURSS9Ul[ URURU5UlUR 5 Sn U(aU [R-n U(aU [R-n [URUS9S [[URU55n URR!U["R$SS/S9Sn S n SU ;a~['[U SS55n Sn S nU H0nUS R)5U R)5:XdM*XS 'Sn O U(a[S U-5eU R+SXS.5 O/n U R-XS.5 [/U 5n["R0"5n["R2"URU5UlU (a*["R6"U["R8S5US'O)["R6"U["R:S5US'URR=U5 UR>RAS5 [C5REXXgU5 g![a [SU-5ef=f![a [S U-5ef=f![an[SU5eSnAff=f)NTrrrrfrrrrFrQrGz)GPO '%s' already linked to this containerrP new_valuezError adding GPO LinkzAdded/Updated GPO link )#r&rir'rjrnrkrr rErDrrrhrrr4rrrr]rinsertrWrerrrQrr FLAG_MOD_ADDrrrrr()rrrrrrrrrgplink_optionsrrexisting_gplinkrdrr[rrrms rBr(cmd_setlink.runs((*--dgg-M $''4::q1   d55 5N  d55 5N @  -a 0Z C01 O**##S^^/@+3*$6679C  s?!#c(mA&6"78F"OET7==?flln4#1iL E  "#NQT#TUU a!JKF MMC D"6* KKMvvdjj,/  // C? ? @ O>MN N OD ;6: : ;s0"J.J1K J.1K  K( K##K(r*)NFFNNNrr`rDrBrrs25H))--.. !%(J tAL{U<$ &{U<$ & MGL7;BMrDrc\rSrSrSrSr\R\R\RS.r SS/r \ "SS\ S 9/rS S jrS rg ) cmd_dellinkiz!Delete GPO link from a container.rr  containerrrrrbNcUR5UlURURSS9Ul[ URURU5UlUR 5 [URUS9S [R"URU5n[URXr5 URRS5 [!5R#XsXEU5 g![a [SU-5ef=f)NTrrrrfzDeleted GPO link. )r&rir'rjrnrkrrrrhrrrrrrrr()rrrrrrrrs rBr(cmd_dellink.runs((*--dgg-M $''4::q1  @  -a 0vvdjj)4 TZZ3 -. ,9 L  @83>? ? @s ,C11D r*r+rr`rDrBrrsa+5H))--.. u%J tALMDHMrDrc\rSrSrSrSr\R\R\RS.r S/r \ "SS\ S9/rS S jrS rg ) cmd_listcontainersi(z%List all linked containers for a GPO.rar rrrrbNcUR5UlURURSS9Ul[ URURU5UlUR 5 [URU5n[U5(aIURRSU-5 UH$nURRSUS-5 M& gURRSU-5 g)NTrzContainer(s) using GPO %s z DN: %s rQzNo Containers using GPO %s ) r&rir'rjrnrkrrrrTrr)rrrrrrrrs rBr(cmd_listcontainers.run9s((*--dgg-M $''4::q1  S1 s88 IIOO9C? @ 4 89 IIOO:S@ ArDr*r+rr`rDrBrr(s\/&H))--.. J tALM9=BrDrc\rSrSrSrSr\R\R\RS.r S/r \ "SS\ S9/rS S jrS rg ) cmd_getinheritanceiLz%Get inheritance flag for a container.rr rrrrbNc6UR5UlURURSS9Ul[ URURU5UlUR 5 URRU[RSS/S9SnSnSU;a[USS5nU[R:XaUR R#S5 gUR R#S 5 g![a [SU-5ef=f) NTrrr=rrrz$Container has GPO_BLOCK_INHERITANCE zContainer has GPO_INHERIT )r&rir'rjrnrkrrrrrrhrrXr rPrr)rrrrrrr inheritances rBr(cmd_getinheritance.run]s((*--dgg-M $''4::q1  O**##S^^/@+6-$99:MN N Os ,.C??Dr*r+rr`rDrBrrLs^//H))--.. !!J tALMBF;rDrc\rSrSrSrSr\R\R\RS.r SS/r \ "SS\ S 9/rS S jrS rg )cmd_setinheritanceixz$Set inheritance flag on a container.z.%prog [options]r r inherit_staterrrbNcUR5S:Xa[RnO3UR5S:Xa[RnO[ SU-5eUR 5UlURUR SS9Ul[UR URU5Ul UR5 URRU[RSS/S9S n[R""5n [R$"URU5U lSU;a3[R("[+U5[R,S5U S 'O2[R("[+U5[R.S5U S 'URR1U 5 g![ a [ S U-5ef=f![ an [ S U-U 5eSn A ff=f) NblockrVzUnknown inheritance state (%s)Trrr=rrrrz"Error setting inheritance state %s)rr rP GPO_INHERITrr&rir'rjrnrkrrrrrrhrrrQrrrrr) rrrrrrrrrrrms rBr(cmd_setinheritance.runs    G +44K  "i /**K?-OP P((*--dgg-M $''4::q1  O**##S^^/@+6-$99:MN N O XCmSUVW W Xs$.F5G5G G/G**G/r*r+rr`rDrBrrxsa.?H))--.. !/2J tALMQU"XrDrc\rSrSrSrSr\R\R\RS.r S/r \ "SS\ S9\ "S S \ S9/rSS jrS rg ) cmd_fetchizDownload a GPO.rar rrrrb--tmpdir,Temporary directory for copying policy filesNc@UR5UlURURSS9UlU(a"UR S5(a USSnX lOD[ URUR5n[URURUS9UlUR5 [URU5Sn[USS5n [U 5upn [!X{URURS 9n UR#X15up>[%XU5 UR&R)S U-5 g![a [SU-5ef=f![a [S U -5ef=f![an[S U5eSnAff=f) NTrrgrdrerrfrtInvalid GPO path (%s)rhError copying GPO from DCGPO copied to %s )r&rir'rjrUrkrrnrrrrhrrrrr3rrrr)rrrrrrrr}rrdom_nameservice sharepathrrrms rBr( cmd_fetch.runs((*--dgg-M  i((AB%KH'-6s^ *X ktww$(JJ0..v; ? *4F C ,v56- @83>? ? @ >6<= = > ?:A> > ?s03E E& F E#&E? F FFr*NNNNNrr`rDrBrrsa&H))--.. J tALz NUXYM &7rDrc \rSrSrSrSr\R\R\RS.r S/r \ "SS\ S9\ "S S \ S9\ "S S S SS9\ "SSS\ S9/rSSjr\S5rSrg) cmd_backupiz Backup a GPO.rar rrrrbrrz --generalizez"Generalize XML entities to restoreFrrrr --entitiesz4File to export defining XML entities for the restoreent_file)rrrNc |UR5UlURURSS9UlU(a"UR S5(a USSn X lOD[ URUR5n [URURU S9UlUR5 [URU5Sn [U SS5n [U 5upn[!XURURS 9nUR#X15unn[%XU5 UR&R)S U-5 U(Ga UR&R)S 5 [*R-UR&UU5nUR/5VVs/sH unnUU4PM nnnUR15 SR3SU55nU(aE[5US5nUR)U5 SSS5 UR&R)SU-5 O6UR&R)S5 UR&R)U5 SHXnUU ;dM [5[6R8R3UUS-5S5nUR)U US5 SSS5 MZ g![a [SU-5ef=f![a [S U -5ef=f![an[S U5eSnAff=fs snnf!,(df  GN=f!,(df  M=f)NTrrgrdrerrfrtrrhrrz( Attempting to generalize XML entities: rJc3V# UHupSURS5SUS3v M! g7f)z N)rR)raentvals rBrb!cmd_backup.run..0s15+3xs'syy&7r#dC+3s')wz$Entities successfully written to %s z Entities: rurv .SAMBAEXTr)r&rir'rjrUrkrrnrrrrhrrrrr3rrrrrgeneralize_xml_entitiesitemsrr>rrr)rrrr generalizerrrrr}rrrrrrrrmentitieskvent_listentsrexts rBr(cmd_backup.runs((*--dgg-M  i((AB%KH'-6s^ *X ktww$(JJ0..v; ? ,Tf E ,v56  IIOOH I!99$))V:@BH,4>>+;<+;41aA+;H< MMO775+355D(C(AGGDM)  G (!)* 0 %ICcz"'',,vs[/@A4HAGGCHQK(IHI[ @83>? ? @ >6<= = > ?:A> > ?= )(IHsN3J>K K6!L0LL,>KK36 L L  L L), L; c0n[RRU5(d[R"U5 U/nU/nU(GaUR 5nUR 5n[R "U5nUR 5 UGHn [RRXi5n [RRXy5n [RRU 5(a`URU 5 URU 5 [RRU 5(d[R"U 5 MMU RS5(a~[RRU 5SSn [U 5n [U S5nUR5nSSS5 [R "W5nU R#UX5nGMZ[RR)X5(aGM[*R,"X5 GM U(aGMU$!,(df  N=f![$a UR'SU -5 GMf=f)Nrrz%SKIPPING: Generalizing failed for %s )rrrrrrrr>rrWendswithbasenamerrrET fromstringgeneralize_xmlrrsamefileshutilcopy2)r sourcedir targetdirrrrrrrrmrrto_parserltempr concrete_xmlfound_entitiess rBr"cmd_backup.generalize_xml_entitiesBsww~~i(( HHY JJLEJJLEjj'G LLNe/e/77==((MM&)MM&)77>>&11(2v..$&77#3#3F#;CR#@!,X!6\!%fc!2e',zz|"3,.==+>L-3-B-B [options]r rrrrbrrNcUR5UlURURSS9Ul[ URURS9nU(acUR S5(aMUSSnX l[R[R-[R-n URXS9n O[R[R-[R-n URURRS5U S9n U Rn[URURUS 9UlUR5 [!UR"US 9n U R$S :a['S U-5e[)[*R,"55n S U R/5-n XlU R2nSU<SU<SU <3nUR5X=5uUlnUUl[:R<"[:R>RAUS55 [:R<"[:R>RAUS55 Sn[C[:R>RAUS5S5REU5 [IU5unnnUUl%[MUUURURS9nUUl'UR"RQ5 [SUR"U 5n[TRV"5nUUl,[TRZ"S[TR\S5US'UR"R_U5 [TRV"5n[TR`"UR"S[)U5-5Ul,[TRZ"S[TR\S5US'UR"R_U5 [TRV"5n[TR`"UR"S[)U5-5Ul,[TRZ"S[TR\S5US'UR"R_U5 [bRd[bRf-[bRh-n[!UR"U US9S n U SS n[k[bRlU5Ro5nRp"UR"Rs55n[uUU5n[bRlRwUU5n[yUU5 [bRd[bRf-[bRh-[bRz-nUR}UUU5 [UUU5 [TRV"5nUUl,[TRZ"U[TRS 5US!'[TRZ"U[TRS"5US#'[TRZ"S$[TRS%5US&'[TRZ"S'[TRS(5US)'[TRZ"S$[TRS*5US+'S,/n UR"RUU S-9 UR"R5 Uc [R"UR65 URRES.U<S/U <S035 g![Fan['SU5eSnAff=f![Fa UR"R5 ef=f)1NTr)rjrirgrd)addressr@ri)domainr@re)rrz%A GPO already existing with name '%s'{%s}rz\sysvol\z \Policies\MachineUserz[General] Version=0 zGPT.INIrzError Creating GPO filesrhgroupPolicyContainerr8a01 CN=User,%sr CN=Machine,%s)rrrprsa02rta03r#rqa052gpcFunctionalityVersiona07r@a04zpermissive_modify:0)r|zGPO 'z ' created as r%)Gr&rir'rjrrUrkrNBT_SERVER_LDAP NBT_SERVER_DSNBT_SERVER_WRITABLEfinddcru pdc_dns_namernrrrcountrruuiduuid4uppergpo_name dns_domainrrrrrrr>rrrhrrr3rtransaction_startr4rrrQrraddrr rFrGrHr rIrtdom_sidget_domain_sidr from_sddlr2SECINFO_PROTECTED_DACLset_aclrrrtransaction_committransaction_cancelrrmtreer)!rrrrrrrnetr}r@ cldap_retrguidrriunc_pathr gpt_contentsrmrrrrrr ds_sd_flags ds_sd_ndrds_sd domain_sidsddlfs_sdsior|s! rBr(cmd_create.runs((*--dgg-M  tww/ i((AB%KH((&&',,-E ; DI((&&',,-E $''++g*>e LI#00KdggtzzkBDH 4::;? 99q=FTU UDJJL!tzz|# $$9>sK#33F@ V  > HHRWW\\&)4 5 HHRWW\\&&1 27L fi0# 6 < <\ J *38)<&7I"k7tww$(JJ0  $$&< , C0F AAD))*@#BRBRTabAeH JJNN1  A66$**lS[&@AAD))+s7G7GWAeH JJNN1  A66$**oF &CDAD))+s7G7GWAeH JJNN1 $11#112#001Ktzzs[I!LC23A6Ix22I>FFHE"))$***C*C*EFJuj1D''11$ CE "$ 2))))*(()223C LLE3 / +4 C AAD))+s7K7K][AeH))(C4H4HJZ[AeH))#s/C/C_UAeH))#s/C/CE^_AeH))#s/C/CWMAeH-.H JJ  a(  3 JJ ) ) + > MM$++ & k3GH] >91= = >H  JJ ) ) +  s& [options]r rbackuprrrbrrrz8File defining XML entities to insert into DOCTYPE headerz--restore-metadataz7Keep the old GPT.INI file and associated version numberFrrcSn[RRU5(d[R"U5 U/nU/nU(GaUR 5nUR 5n[R "U5n U R 5 U GHn [RRXz5n [RRX5n [RRU 5(a`URU 5 URU 5 [RRU 5(d[R"U 5 MMU RS5(dM[RRU 5SSn [U 5n[U S5nUR5nSnURU5(a:U[!U5SnUR#[$R&"UU-U-55 O(UR#[$R&"UU-55 UR)U SS5 SSS5 GM U(aGMgg!,(df  GM=f![*a` U SSU-n[,R."UU SS5 UR0R3SU -5 UR0R3S5 GML SSKnUR75 U SSU-n[,R."UU SS5 UR0R3S U -5 UR0R3S5 GM=f) Nrrrrz&zWARNING: No such parser for %s z.WARNING: Falling back to simple copy-restore. rz%WARNING: Error during parsing for %s )rrrrrrrr>rrWrrrrrrUrTload_xmlrr write_binaryrrrrr traceback print_exc)rrr dtd_headerrrrrrrrmrrrrrrxml_head original_filerDs rB restore_from_backup_to_local_dir,cmd_restore.restore_from_backup_to_local_dirsww~~i(( HHY JJLEJJLEjj'G LLNe/e/77==((MM&)MM&)77>>&11(2v..$&77#3#3F#;CR#@!,X!6#_!%fc!2e',zz|+S#'??8#<#<,0H +?D%+OOBMM(ZBWZ^B^4_$`$*OOBMM*tBS4T$U!' 3 3F3BK @!"3!2% f0"3!2$ 3_,23BK&,@M"LLs D IIOO,NQY,YZ IIOO,]^^ _,%//1-33BK&,@M"LLs D IIOO,TW],]^ IIOO,]^^s3 I6+BI# I6# I3 -I63I66A%MA0Mc >Sn [RRU5(d[SU-5eUbSn [RRU5(d[SU-5e[ US5n U R 5n [ R"SU [ R[ R-S9c [S5eXR5- n SSS5 U S - n [TU]1XXFXx5 Uc)URX@R5uUln XlUR#X R U 5 U (+n[%UR&UR UR(S US 9 [+UR,UR5nS Hn[RR/UUS -5n[RRU5(dML[ US5nUR 5nSSS5 [0R2"5nUUl[0R6"W[0R8U5UU'UR,R;U5 M Uc![<R>"UR5 gg!,(df  GN=f!,(df  N=f![@anSSK!nURE5 URFRI[KU5S-5 URFRIS5 [M5nURURX6Xx5 [SU-5eSnAff=f)NrJz"Backup directory does not exist %sz)+\s*\ZrzPEntities file does not appear to conform to format e.g. z ]> T)rrrrrrr%z%Failed to restore GPO -- deleting... zFailed to restore: %s)'rrrrrrrr MULTILINEDOTALLrRsuperr(rr%rrrIrrrr4rr>rrrQrrrrr0rhrDrErrrcmd_del)rrr@rrrrrrrestore_metadatarF entities_fileentities_contentrkeep_new_filesrrext_filerrrrmrDcmd __class__s rBr(cmd_restore.runcs ww~~f%%CfLM M  0J77>>(++"#D#+$,--h$ #0#5#5#7 88I,BLL4JLOST&(GHH4466 % ( "J  KFxM/ <~&*&;&;FMM&R# V$   1 1&++2< >"21N +499dkk+/>>?C?M O   DMM:FM77<<k0AB77>>(++h- vvx. A!AD //c6J6J035AcFJJ%%a(M~ dkk*c%$N.- <     ! IIOOCFTM * IIOOD E)C GGDMM1 G6:; ; n [+URU S U5 UR&R)S U S -5 M@ [-URU5nURR/[0R2"URS[U5-5S/5 URR/[0R2"URS[U5-5S/5 URR/U5 U R5U 5 URR75 UR&R)SU-5 g![a [S U-5ef=f![a URR95 ef=f)NTrrgrdrerrrtrfrhzGPO %s is linked to containers rQz Removed link from %s. rz tree_delete:1rzGPO %s deleted. )r&rir'rjrUrkrrnrrrrrhrrr3r'rrTrrrr4deleterrdeltreer.r/)rrrrrrr}rr4rrrrrrs rBr( cmd_del.runsc((*--dgg-M  i((AB%KH'? ? @8  JJ ) ) +  s3(J6#EK6K&K8r*r+rr`rDrBrOrOs[&H))--.. J tALM9=63rDrOc \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r SS jrS rg ) cmd_aclcheckiz.Check all GPOs have matching LDAP and DS ACLs.r r rrrrrrNc UR5UlURURSS9Ul[ URURU5UlU(a"UR S5(a USSnXlOD[URUR5n[ URURUS9UlUR5 [URS5nUGHJn[USS5n[U5upn [XZURURS 9n U R!U ["R$["R&-["R(-["R*5n S U;a [S 5eUS Sn[-["R.U5R15n["R2"URR555n[7UU5nU R1U5U:wdGM'[S U R1U5<S U <SU<35e g![a [SU-5ef=f)NTrrgrdrertrrrhrpzKCould not read nTSecurityDescriptor. This requires an Administrator accountzInvalid GPO ACL z on path (z ), should be )r&rir'rjrnrkrUrrrrrrrrr3get_aclr rFrGrHSEC_FLAG_MAXIMUM_ALLOWEDr rIrtr)r*r)rrrrrr}rrrrrrrr;r7r8r9expected_fs_sddls rBr(cmd_aclcheck.runs((*--dgg-M $''4::q1 i((AB%KH'FFHE"))$***C*C*EFJ*5*=  j)-=="V[VcVcdnVoqz}M$NOO5  B"#:S#@AA Bs IIr*r+r,r`rDrBr_r_sU8 H))--.. tW#JQT3 (M -OrDr_c \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9\ "S S \ \ RR\R""5S 5S9/rSSjrSrg) cmd_admxloadi>z Loads samba admx files to sysvolr r rrrrrrz --admx-dirz)Directory where admx templates are storedz samba/admx)rrrNcUR5UlURURSS9UlU(a"UR S5(a USSnXlOD[ URUR5n[URURUS9Ul[USURURS9nSRURRS 5R5S S /5nURU5 [$R&"U5Hupn U Hn U R)US5n[$R*RX5nSRX/5R)SS5nSRUU /5n[-UU5 [/US5nUR1UUR355 SSS5 M M UR4R7S5 g![aEn U RS [:Xa [!S 5eU RS [":waeSn A GN8Sn A ff=f![aDn U RS [:Xa [!S 5eU RS [":waeSn A NSn A ff=f![a-n U RS [:Xa [!S 5eSn A GNSn A ff=f!,(df  GM=f)NTrrgrdrergrhrrirjPolicyDefinitionsrrmrJrraInstalling ADMX templates to the Central Store prevents Windows from displaying its own templates in the Group Policy Management Console. You will need to install these templates from https://www.microsoft.com/en-us/download/102157 to continue using Windows Administrative Templates. )r&rir'rjrUrkrrnr3r>rurrrrvr1rr0rwalkrrr2rrrrr)rrrrradmx_dirr}rsmb_dirrmdirnamedirsfilesfname path_in_admx full_pathsub_dirsmb_pathrs rBr(cmd_admxload.runPs((*--dgg-M  i((AB%KH'?  JJw %'GGH$5 G5&x< GGLL8 ))W$;<DDS$O99gu%56)$8)T*aQ h9+*%6* P Q9 vvay33"$DEE==>  %vvay$;;*,LMM&EEF )Q66!9(??".0P#QQ@Q+*s`>G= I/K1 J = I :II  J:JJ K *"K KK K K* r*r)rrrrr-r.rGr/r0r1r2rrrrr>r#data_dirr3r(r r`rDrBrfrf>s* H))--.. tW#JQTC )|"M"'',,u~~/?"N PMFJ8QrDrfc \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9\ "S S S SS9/r /SQrSSjrSrg)cmd_add_sudoersiaAdds a Samba Sudoers Group Policy to the sysvol This command adds a sudo rule to the sysvol for applying to winbind clients. The command argument indicates the final field in the sudo rule. The user argument indicates the user specified in the parentheses. The users and groups arguments are comma separated lists, which are combined to form the first field in the sudo rule. The --passwd argument specifies whether the sudo entry will require a password be specified. The default is False, meaning the NOPASSWD field will be specified in the sudo entry. Example: samba-tool gpo manage sudoers add {31B2F340-016D-11D2-945F-00C04FB984F9} ALL ALL fakeu fakeg The example command will generate the following sudoers entry: fakeu,fakeg% ALL=(ALL) NOPASSWD: ALL z7%prog [groups] [options]r rrrrrrz--passwdrFz;Specify to indicate that sudo entry must provide a passwordr)rcommandr>userszgroups?Nc  UR5UlU RURSS9UlU(a"UR S5(a USSn XplOD[ URUR5n [URURU S9Ul[U SURURS9n UR5 [XRURURU5n URRS5nS RUR5S US S /5nS RUS /5n[R "[R""U R%U555nUR'5R)S5nUR)S5n[R6"US5nU(a[R6"US5 [R6"US5nUUl[R6"US 5nUUl[R6"US!5nUR?S"5H0n[R6"US#5nUUlS UR@S$'M2 UbDUR?5H0n [R6"US#5nU UlS%UR@S$'M2 [C5n!UREU!S&SS'9 U!RGS5 [IX5 U RKUU!RM55 U ROSS(9 g![*GaMnUR,S[.[0[24;Ga[R "[R4"S55n[R6"UR'5S5n[R6"US5nSUl[R6"US5nSUl[R6"US5nSUl[R6"US5nSUl[R6"US5n[R6"US5nSUlSnAGNUR,S[::Xa [=S5eeSnAff=f![*a(nUR,S[::Xa [=S5eeSnAff=f))NTrrgrdrergrhrirrjMACHINE\VGP\VTLA\SudoSudoersConfiguration manifest.xml policysettingrr vgppolicyversion1rrz Sudo Policy descriptionz!Sudoers File Configuration Policy apply_modemerge load_plugintruerm sudoers_entrypasswordrxr> listelement, principalrgroupUTF-8encodingxml_declarationmachine_changed)(r&rir'rjrUrkrrnr3rr5rrur>rr ElementTreerrgetrootfindrrvr-r.r/Element SubElementtextr1rrSrr)rseekr2rrincrement_gpt_ini)"rrrxr>rygroupspasswdrrrrr}rrrivgp_dirvgp_xmlxml_datar~rrmpvrrrrrr command_elmuser_elmrurr[outs" rBr(cmd_add_sudoers.runs((*--dgg-M  i((AB%KH'>>>"**[*AB " h.>.>.@.=!? ]]=)<}}]F;)  mmM=I #F  ]]=,G ") }}]F; mmD-@ #)   55"$DEE/ d vvay33"$DEE   s8A)L6;:R6 RDR &#R  R S#R>>Sr*)NNNNNNrrrrr-r.rGr/r0r1r2rrr3r^r(r r`rDrBrwrwsz&IH))--.. tW#JQTC )z,Q SM@JAE?CUrDrwc \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r S /rSS jrSrg )cmd_list_sudoersizList Samba Sudoers Group Policy from the sysvol This command lists sudo rules from the sysvol that will be applied to winbind clients. Example: samba-tool gpo manage sudoers list {31B2F340-016D-11D2-945F-00C04FB984F9} rar rrrrrrrNc.UR5UlURURSS9UlU(a"UR S5(a USSnX lOD[ URUR5n[URURUS9Ul[USURURS9nURRS5nS RUR5S US S /5n [R"URU 55n U Gb\U R-S5n U R,"S5n U R/S5GH#nUR-S5R0nUR-S5R0nUR/S5n/nUH#nUR3UR/S55 M% [5U5S :aOSRUVs/sH1nUR6SS:Xa UR0OSUR0-PM3 sn5nOSnUR-S5SLnU(aSOSnU<SU<SU<SU<3nUR8R;S U-5 GM& S RUR5S US!/5n[=[>R@URU55nS"nURBHpn[EURF5U:XdM[IURJ5RM5(dMHUR8R;S URJ-5 Mr g![aRn U R S ["[$[&4;aSn Sn A GNdU R S [(:Xa [+S5eeSn A ff=fs snf![aOn U R S ["[$[&4;aSn A gU R S [(:Xa [+S5eeSn A ff=f)#NTrrgrdrergrhrirrjr{z!SudoersConfiguration\manifest.xmlrrmr~rrrxr>rrrr%s%%ALLr NOPASSWD:rJ ALL=()r<%s MACHINE\Registry.pols1Software\Policies\Samba\Unix Settings\Sudo Rights)'r&rir'rjrUrkrrnr3rur>rrrrrrvr-r.r/r1rrfindallrextendrTrrrr r rrwr%rnr&rrR)rrrrrrr}rrirrrmrrrrxr> listelements principalsrruname nopasswordnp_entryprrrns rBr(cmd_list_sudoers.runs((*--dgg-M  i((AB%KH'> 55"$DEE .&B vvay:<<>>vvay33"$DEE  sB%M38N6 +)N; N3!$N. #N..N3; P"P,#PPr*r+rr`rDrBrrsb'H))--.. tW#JQTC )M JK5rDrc \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r S S /rSSjrSrg )cmd_remove_sudoersikaRemoves a Samba Sudoers Group Policy from the sysvol This command removes a sudo rule from the sysvol from applying to winbind clients. Example: samba-tool gpo manage sudoers remove {31B2F340-016D-11D2-945F-00C04FB984F9} 'fakeu ALL=(ALL) NOPASSWD: ALL' %prog [options]r rrrrrrrrNcX UR5UlURURSS9UlU(a"UR S5(a USSnX0lOD[ URUR5n[URURUS9Ul[USURURS9nUR5 [XRURURU5n URRS5n S RU R5S US S /5n S RU S /5n [R "[R""UR%U 555n U R'5R)S5nUR)S5nS RU R5S US/5n[9[:R<UR%U55n0nU(aUR?S5O/GH nUR)S5R@nUR)S5R@nUR?S5n/nUH#nURCUR?S55 M% [EU5S:aOSRUVs/sH1nURFSS:Xa UR@OSUR@-PM3 sn5nOSnUR)S5SLnU(aSOSnU<SU<S U<S!U<3nUUU'GM UURI5;a|URKUU5 [M5nW ROUS"SS#9 URQS5 [SX5 URUU URW55 U RYSS$9 gUU(a'URZVs/sHnUR\PM snO/;aqURZVs/sHnUR\U:wdMUPM nn[EU5Ul/UUl-URUU[aU55 U RYSS$9 g[7S%U-5e![*aRnUR,S[.[0[24;aSnSnAGNUR,S[4:Xa [7S5eeSnAff=f![*aRnUR,S[.[0[24;aSnSnAGNUR,S[4:Xa [7S5eeSnAff=fs snf![*a(nUR,S[4:Xa [7S5eeSnAff=fs snfs snf![*a(nUR,S[4:Xa [7S5eeSnAff=f)&NTrrgrdrergrhrirrjr{r|r}r~rrrmrrrxr>rrrrrrrrrJrrr<rrr,Cannot remove '%s' because it does not exist)1r&rir'rjrUrkrrnr3rr5rrur>rrrrrrrrrvr-r.r/r1rr r rrrrrTrkeysrr)rrr2rrrrwr num_entriesr )rrrrrrrr}rrrirrrr~rrmrrrwrxr>rrrrrrrrrs rBr(cmd_remove_sudoers.runs((*--dgg-M  i((AB%KH'AffY',,G66&>&&D99]3LJ+ !!+"5"5k"BC ,:"2<">2? +t3J'1|rH&+T8WEAGAJ?" GLLN " KK ')C NN3$N G HHQK %d4 gsxxz2%%d%; X(8(89(81(892 N"*"2"2F"2Qaffoq"2GF#&w>55"$DEE  vvay:<<>> 55"$DEE (">&! 66!9 77&(HII   :F! 66!9 77&(HII  sA)Q5)S78T3 :T8U-U2U2<*U75 S?$S )#S  S T0$T+#T++T08 U*#U%%U*7 V)#V$$V)r*r+rr`rDrBrrkse/H))--.. tW#JQTC )M !Jh&rDrcX\rSrSrSr0r\"5\S'\"5\S'\"5\S'Sr g) cmd_sudoersiz#Manage Sudoers Group Policy Objectsr(rrr`N) rrrrr- subcommandsrwrrr r`rDrBrrs1-K(*K*,K.0KrDrc \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r /S QrSS jrSrg )cmd_set_securityia Set Samba Security Group Policy to the sysvol This command sets a security setting to the sysvol for applying to winbind clients. Not providing a value will unset the policy. These settings only apply to the ADDC. Example: samba-tool gpo manage security set {31B2F340-016D-11D2-945F-00C04FB984F9} MaxTicketAge 10 Possible policies: MaxTicketAge Maximum lifetime for user ticket Defined in hours MaxServiceAge Maximum lifetime for service ticket Defined in minutes MaxRenewAge Maximum lifetime for user ticket renewal Defined in minutes MinimumPasswordAge Minimum password age Defined in days MaximumPasswordAge Maximum password age Defined in days MinimumPasswordLength Minimum password length Defined in characters PasswordComplexity Password must meet complexity requirements 1 is Enabled, 0 is Disabled rar rrrrrr)rrvalue?NcUR5UlURURSS9UlU(a"UR S5(a USSnX@lOD[ URUR5n[URURUS9Ul[USURURS9n UR5 [XRURURU5n URRS5n S RU R5S US /5n S RU S /5n [SS 9n[ UlU R%U 5nUR'[)UR+555 SSSSSSSS.nUUnWR=U5(dUR?U5 UbURAUX#5 OAURCUU5 [EURGU55S:XaURIU5 [)5nURKU5 [MX5 U ROU [QURS555 U RUSS9 g![,a- UR'[)UR+S555 GN#f=f![.aPnUR0S[2:Xa [5S5eUR0S[6[8[:4;aeSnAGN|SnAff=f![.a(nUR0S[2:Xa [5S5eeSnAff=f)NTrrgrdrergrhrirrjz$MACHINE\Microsoft\Windows NT\SecEditz GptTmpl.inf interpolationutf-16rrmKerberos Policy System Access) MaxTicketAge MaxServiceAge MaxRenewAgeMinimumPasswordAgeMaximumPasswordAgeMinimumPasswordLengthPasswordComplexityr)+r&rir'rjrUrkrrnr3rr5rrur>rr'r optionxformr read_filer(ryUnicodeDecodeErrorrrvr1rr-r.r/ has_section add_sectionset remove_optionrTrGremove_sectionrr2rr%getvaluer)rrrr?rrrrr}rrriinf_dirinf_fileinf_datarawrm section_mapsectionrs rBr(cmd_set_security.run$ s((*--dgg-M  i((AB%KH'/>2A/>  f%##G,,   )   LL& 0  " "7F 38##G,-2''0js  !$ 0 MM(Iclln$= >  ! !$ ! 7G& C""8CJJx,@#AB C vvay33"$DEEvvay!>!@!@!BBB  D vvay33"$DEE  sP%K6(J AL" 3K>KKK LALL" M,#MMr*rrr`rDrBrrsg@'H))--.. tW#JQTC )M -J=A'+IrDrc \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r S /rSS jrSrg )cmd_list_securityio aList Samba Security Group Policy from the sysvol This command lists security settings from the sysvol that will be applied to winbind clients. These settings only apply to the ADDC. Example: samba-tool gpo manage security list {31B2F340-016D-11D2-945F-00C04FB984F9} rar rrrrrrrNcUR5UlURURSS9UlU(a"UR S5(a USSnX lOD[ URUR5n[URURUS9Ul[USURURS9nURRS5nS RUR5S US /5n [SS 9n [U lURU 5n U R![#U R%555 U R75HHn U S;aM U R9U 5H(upUR:R=U<SU<S35 M* MJ g![&a, U R![#U R%S 555 Nf=f![(aOn U R*S[,[.[04;aSn A gU R*S[2:Xa [5S5eeSn A ff=f)NTrrgrdrergrhrirrjz0MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.infrrrrm)rr = r%)r&rir'rjrUrkrrnr3rur>rr'rrrrr(ryrrrvr-r.r/r1rsectionsrrr)rrrrrrr}rrirrrrmrrr?s rBr(cmd_list_security.run s((*--dgg-M  i((AB%KH'>vvay33"$DEE  s<%G%'(F,,3G"G%!G""G%% H>/"H9#H99H>r*r+rr`rDrBrro sa'H))--.. tW#JQTC )M J+55 U RUR:5nUR@RCUR:<SU<S35 M g![ aOn U R"S [$[&[(4;aSn A gU R"S [*:Xa [-S 5eeSn A ff=f)NTrrgrdrergrhrirrjrrrm Software\Policies\Samba\smb_confrr%)"r&rir'rjrUrkrrnr3rur>rr r rrrrvr-r.r/r1rr#LoadParmrwr%rnrrorrrr)rrrrrrr}rrirrrmrnrirrs rBr(cmd_list_smb_conf.run s((*--dgg-M  i((AB%KH'>vvay33"$DEE  s)G'' I1"H;#H;;Ir*r+rr`rDrBrr sb'H))--.. tW#JQTC )M J'FrDrc \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r /S QrSS jrSrg )cmd_set_smb_confi a%Sets a Samba smb.conf Group Policy to the sysvol This command sets an smb.conf setting to the sysvol for applying to winbind clients. Not providing a value will unset the policy. Example: samba-tool gpo manage smb_conf set {31B2F340-016D-11D2-945F-00C04FB984F9} 'apply gpo policies' yes rr rrrrrrrsettingrNcUR5UlURURSS9UlU(a"UR S5(a USSnX@lOD[ URUR5n[URURUS9Ul[USURURS9n UR5 [XRURURU5n URRS5n S RU R5S US /5n S RU S /5n [[ R"U R%U 55nUc}X.R4Vs/sHoR6PM sn;a[3SU-5eUR4Vs/sHnUR6U:wdMUPM nnUUl[9U5UlO[=U5R5S;aSnSnOd[=U5R5S;aSnS nOB[=U5R?5(aSn[A[=U55nO Sn[CU5n[ RD"5nSUl#[CU5UlUUl$UUl%[MUR45nUROU5 UUl[9U5Ul[QX5 U RSU [UU55 U RWSS9 g![&aenUR(S [*[,[.4;a[ R""5nSnAGNUR(S [0:Xa [3S5eeSnAff=fs snfs snf![&a(nUR(S [0:Xa [3S5eeSnAff=f)NTrrgrdrergrhrirrjrkz Registry.polrrmr)yesrrrrrO)nofalser#rr),r&rir'rjrUrkrrnr3rr5rrur>rr r rrrrvr-r.r/r1rrwrorTrr& isnumericrXr%rrnrrrrWr2rr r)rrrr?rrrrr}rrripol_dirrrrmrwetypers rBr(cmd_set_smb_conf.run s\((*--dgg-M  i((AB%KH'AI#G,AKAFAF8++,G NN1 &H #&w> 99;55"$DEE F+> vvay33"$DEE   sH)L- NN$N$75N)- N77N4#NN) O3#OOr*rrr`rDrBrr sf/H))--.. tW#JQTC )M .JMQMrDrcD\rSrSrSr0r\"5\S'\"5\S'Srg) cmd_smb_confid z$Manage smb.conf Group Policy Objectsrrr`N) rrrrr-rrrr r`rDrBrrd s$.K+-K)+KrDrc \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r S /rSS jrSrg )cmd_list_symlinkij zList VGP Symbolic Link Group Policy from the sysvol This command lists symlink settings from the sysvol that will be applied to winbind clients. Example: samba-tool gpo manage symlink list {31B2F340-016D-11D2-945F-00C04FB984F9} rar rrrrrrrNc2UR5UlURURSS9UlU(a"UR S5(a USSnX lOD[ URUR5n[URURUS9Ul[USURURS9nURRS5nS RUR5S US S /5n [R"URU 55n U R-S5n U R,"S5n U R/S5H]nUR-S5nUR-S5nUR0R3SUR4<SUR4<S35 M_ g![aOn U R S ["[$[&4;aSn A gU R S [(:Xa [+S5eeSn A ff=f)NTrrgrdrergrhrirrjMACHINE\VGP\VTLA\UnixzSymlink\manifest.xmlrrmr~rfile_propertiessourcetargetzln -s r<r%r&rir'rjrUrkrrnr3rur>rrrrrrvr-r.r/r1rrrrrr)rrrrrrr}rrirrrmrrrrrs rBr(cmd_list_symlink.run s((*--dgg-M  i((AB%KH'O$))(3F$))(3F IIOOv{{FKKH I ? vvay:<<>>vvay33"$DEE  s%F== H"H.#HHr*r+rr`rDrBrrj sb'H))--.. tW#JQTC )M J'JrDrc \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r /S QrSS jrSrg )cmd_add_symlinki zAdds a VGP Symbolic Link Group Policy to the sysvol This command adds a symlink setting to the sysvol that will be applied to winbind clients. Example: samba-tool gpo manage symlink add {31B2F340-016D-11D2-945F-00C04FB984F9} /tmp/source /tmp/target '%prog [options]r rrrrrrrrrNcUR5UlURURSS9UlU(a"UR S5(a USSnX@lOD[ URUR5n[URURUS9Ul[USURURS9n UR5 [XRURURU5n URRS5n S RU R5S US /5n S RU S /5n [R "[R""U R%U 555nUR'5R)S 5nUR("S5n[R6"US5n[R6"US5nUUl[R6"US5nUUl[?5nURAUSSS9 URCS5 [EX5 U RGU URI55 U RKSS9 g![*GanUR,S[.[0[24;a[R "[R4"S55n[R6"UR'5S 5n[R6"US5nSUl[R6"US5nSUl[R6"US5nSUl[R6"US5nSnAGNUR,S[::Xa [=S5eeSnAff=f![*a(nUR,S[::Xa [=S5eeSnAff=f)NTrrgrdrergrhrirrjMACHINE\VGP\VTLA\Unix\Symlinkr}r~rrrrrrrzSymlink PolicyrzSpecifies symbolic link datarmrrrrrr)&r&rir'rjrUrkrrnr3rr5rrur>rrrrrrrrrvr-r.r/rrrr1rr)rrr2rrr)rrrrrrrrr}rrrirrrrrrmr~rrrrr source_elm target_elmrs rBr(cmd_add_symlink.run s((*--dgg-M  i((AB%KH'>>>"**[*AB " h.>.>.@.=!? ]]=)<}}]F;,  mmM=I #A  }}]F;55"$DEE' D vvay33"$DEE   s8A*I5::N5 NC"N (#N  N O#OOr*r+rr`rDrBr r  sf9H))--.. tW#JQTC )M -JHLDrDr c \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r /S QrSS jrSrg )cmd_remove_symlinki aRemoves a VGP Symbolic Link Group Policy from the sysvol This command removes a symlink setting from the sysvol from applying to winbind clients. Example: samba-tool gpo manage symlink remove {31B2F340-016D-11D2-945F-00C04FB984F9} /tmp/source /tmp/target r r rrrrrrr NcvUR5UlURURSS9UlU(a"UR S5(a USSnX@lOD[ URUR5n[URURUS9Ul[USURURS9n UR5 [XRURURU5n URRS5n S RU R5S US /5n S RU S /5n [R "[R""U R%U 555nUR'5R)S 5nUR("S5nUR9S5HZnUR)S5nUR)S5nUR:U:XdM7UR:U:XdMIUR=U5 O [5SU-U5e[?5nURAUSSS9 URCS5 [EX5 U RGU URI55 U RKSS9 g![*aYnUR,S[.[0[24;a[5SU-U5eUR,S[6:Xa [5S5eeSnAff=f![*a(nUR,S[6:Xa [5S5eeSnAff=f)NTrrgrdrergrhrirrjrr}r~rrz>Cannot remove link from '%s' to '%s' because it does not existrmrrrrrr)&r&rir'rjrUrkrrnr3rr5rrur>rrrrrrrrrvr-r.r/rr1rrrr)rrr2rrr)rrrrrrrrr}rrrirrrrrrmrrrrs rBr(cmd_remove_symlink.run" s((*--dgg-M  i((AB%KH'O(--h7J(--h7J&(Z__-F O, ? ;=C DEKM MisWdC    !$ 0 MM'388: .  ! !$ ! 7; vvay:<<>>#$028$9:@BB55"$DEE < vvay33"$DEE   s2A*J %:L L*AK>>L L8#L33L8r*r+rr`rDrBrr sf9H))--.. tW#JQTC )M -JHL@rDrcX\rSrSrSr0r\"5\S'\"5\S'\"5\S'Sr g) cmd_symlinkid z#Manage symlink Group Policy Objectsrr(rr`N) rrrrr-rrr rr r`rDrBrrd s1-K*,K(*K.0KrDrc \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r S /rSS jrSrg )cmd_list_filesik zList VGP Files Group Policy from the sysvol This command lists files which will be copied from the sysvol and applied to winbind clients. Example: samba-tool gpo manage files list {31B2F340-016D-11D2-945F-00C04FB984F9} rar rrrrrrrNc UR5UlURURSS9UlU(a"UR S5(a USSnX lOD[ URUR5n[URURUS9Ul[USURURS9nURRS5nS RUR5S US S /5n [R"URU 55n U R-S5n U R,"S5n U R/S5HnUR-S5R0nUR-S5R0nUR-S5R0nUR-S5R0n[3U5n[5U5<SU<SU<SU<SU<3 nUR6R9SU-5 M g![aOn U R S ["[$[&4;aSn A gU R S [(:Xa [+S5eeSn A ff=f)NTrrgrdrergrhrirrjrzFiles\manifest.xmlrrmr~rrrrr>r z -> r)r&rir'rjrUrkrrnr3rur>rrrrrrvr-r.r/r1rrrrr*r+rr)rrrrrrr}rrirrrmrrrrrr>rmoders rBr(cmd_list_files.run s((*--dgg-M  i((AB%KH'>vvay33"$DEE  s%H I/ "I*#I**I/r*r+rr`rDrBrrk sa'H))--.. tW#JQTC )M J,(rDrc \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r /S QrSS jrSrg ) cmd_add_filesi aAdd VGP Files Group Policy to the sysvol This command adds files which will be copied from the sysvol and applied to winbind clients. Example: samba-tool gpo manage files add {31B2F340-016D-11D2-945F-00C04FB984F9} ./source.txt /usr/share/doc/target.txt root root 600 z=%prog [options]r rrrrrr)rrrr>rrNc  UR5UlU RURSS9Ul[R R U5(d[SU-5eU(a"URS5(a USSn Xpl OD[URUR5n [URURU S9Ul [U SURURS9n UR5 [XRURURU5n URR!S 5nS R#UR%5S US /5nS R#US /5n[&R("[&R*"U R-U555nUR/5R1S5nUR0"S5n[&R>"US5n[&R>"US5n[R REU5Ul [&R>"US5nUUl [&R>"US5nUUl [&R>"US5nUUl SHunn[&R>"US5n U RGS U5 [IUS!5S"U--(a[&R>"U S#5 [IUS!5S$U--(a[&R>"U S%5 [IUS!5S&U--(dM[&R>"U S'5 M [K5n!URMU!S(SS)9 U!ROS5 [QUS*5RS5n"S R#U[R REU5/5n#[UX5 U RWUU!RS55 U RWU#U"5 U RYSS+9 g![2GanUR4S[6[8[:4;a[&R("[&R<"S55n[&R>"UR/5S5n[&R>"US5nSUl [&R>"US5nSUl [&R>"US5nSUl [&R>"US5nSnAGN$UR4S[B:Xa [S5eeSnAff=f![2a(nUR4S[B:Xa [S5eeSnAff=f),NTrzSource '%s' does not existrgrdrergrhrirrjMACHINE\VGP\VTLA\Unix\Filesr}r~rrrrrrrFilesrz+Represents file data to set/copy on clientsrmrrrr>r))r>)rr)otherr permissionsrrNrrrrMrrOexecuterrrr)-r&rir'rjrrrrrUrkrrnr3rr5rrur>rrrrrrrrrvr-r.r/rrrr1rrrXr)rrrrr2rr)$rrrrr>rrrrrrr}rrrirrrrrrmr~rrrrrrrr group_elmptypeshiftr&r source_data sysvol_sources$ rBr(cmd_add_files.run sK((*--dgg-M ww~~f%%;fDE E i((AB%KH'@A))Wn56 ~~bmmDMM'4J&KLH%%',,_=F;;v&D,--.?@]]?H= ''**62 ]]?H=  ==&9 MM/7;  ELE5--GK OOFE *4|se|, k624|se|, k734|se|,, k95FisWdC  64(--/  7BGG,<,>>>"**[*AB " h.>.>.@.=!? ]]=)<}}]F;#  mmM=I #P  }}]F;55"$DEE' d vvay33"$DEE   s9A*PA T; T8(C"T3#T33T8; U-#U((U-r*r+rr`rDrBr r  shOH))--.. tW#JQTC )M FJ<@7;WrDr c \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r S S /rSSjrSrg )cmd_remove_filesi" aRemove VGP Files Group Policy from the sysvol This command removes files which would be copied from the sysvol and applied to winbind clients. Example: samba-tool gpo manage files remove {31B2F340-016D-11D2-945F-00C04FB984F9} /usr/share/doc/target.txt z%prog [options]r rrrrrrrrNcUR5UlURURSS9UlU(a"UR S5(a USSnX0lOD[ URUR5n[URURUS9Ul[USURURS9nUR5 [XRURURU5n URRS5n S RU R5S US /5n S RU S /5n [R "[R""UR%U 555n U R'5R)S 5nUR("S5nUR9S5HvnUR)S5nUR)S5nUR:U:XdM7S RU UR:/5nUR=U5 UR?U5 O [5SU-5e[A5nU RCUSSS9 URES5 [GX5 URIU URK55 U RMSS9 g![*aXnUR,S[.[0[24;a[5SU-5eUR,S[6:Xa [5S5eeSnAff=f![*a(nUR,S[6:Xa [5S5eeSnAff=f)NTrrgrdrergrhrirrjr"r}r~rrz1Cannot remove file '%s' because it does not existrmrrrrrr)'r&rir'rjrUrkrrnr3rr5rrur>rrrrrrrrrvr-r.r/rr1rrunlinkrr)rrr2rrr)rrrrrrrr}rrrirrrrrrmrrrrrs rBr(cmd_remove_files.run: s((*--dgg-M  i((AB%KH'@A))Wn56 ~~bmmDMM'4J&KLH%%',,_=F;;v&D $||,=>O(--h7J(--h7J&(GZ__#=> F# O, ? ;=C DE EisWdC    !$ 0 MM'388: .  ! !$ ! 7? vvay:<<>>#$028$9::55"$DEE @ vvay33"$DEE   s2A*J;:L ; LALL M*#M  Mr*r+rr`rDrBr/r/" sk0H))--.. tW#JQTC )M "J@DBrDr/cX\rSrSrSr0r\"5\S'\"5\S'\"5\S'Sr g) cmd_filesi~ z!Manage Files Group Policy Objectsrr(rr`N) rrrrr-rrr r/r r`rDrBr4r4~ s0+K(*K&K,.KrDr4c \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r S /rSS jrSrg )cmd_list_opensshi zList VGP OpenSSH Group Policy from the sysvol This command lists openssh options from the sysvol that will be applied to winbind clients. Example: samba-tool gpo manage openssh list {31B2F340-016D-11D2-945F-00C04FB984F9} rar rrrrrrrNc UR5UlURURSS9UlU(a"UR S5(a USSnX lOD[ URUR5n[URURUS9Ul[USURURS9nURRS5nS RUR5S US S /5n [R"URU 55n U R-S5n U R,"S5n U R-S5nUR/S5HnUR-S5R0(aM%UR/S5HXnUR2R5UR-S5R0<SUR-S5R0<S35 MZ M g![aOn U R S ["[$[&4;aSn A gU R S [(:Xa [+S5eeSn A ff=f)NTrrgrdrergrhrirrjzMACHINE\VGP\VTLA\SshCfgzSshD\manifest.xmlrrmr~r configfile configsection sectionname keyvaluepairrr<r?r%r&rir'rjrUrkrrnr3rur>rrrrrrvr-r.r/r1rrrrrr)rrrrrrr}rrirrrmrrr8r9kvs rBr(cmd_list_openssh.run s((*--dgg-M  i((AB%KH'>vvay33"$DEE  s%H I "I4#IIr*r+rr`rDrBr6r6 sb'H))--.. tW#JQTC )M J*ErDr6c \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r /S QrSS jrSrg )cmd_set_opensshi a"Sets a VGP OpenSSH Group Policy to the sysvol This command sets an openssh setting to the sysvol for applying to winbind clients. Not providing a value will unset the policy. Example: samba-tool gpo manage openssh set {31B2F340-016D-11D2-945F-00C04FB984F9} KerberosAuthentication Yes z'%prog [value] [options]r rrrrrrrNc UR5UlURURSS9UlU(a"UR S5(a USSnX@lOD[ URUR5n[URURUS9Ul[USURURS9n UR5 [XRURURU5n URRS5n S RU R5S US /5n S RU S /5n [R "[R""U R%U 555nUR'5R)S 5nUR("S5nUR)S5nUbUR?S5HnUR)S5R8(aM%0nUR?S5HnUUUR)S5'M UURA5;a UUUlMs[R6"US5n[R6"US5nUUl[R6"US5nUUlM OUR?S5HnUR)S5R8(aM%0nUR?S5H!nUUUR)S5R8'M# UURA5;aURCUU5 M[=S U-5e [E5nURGUS!SS"9 URIS5 [KX5 U RMU URO55 U RQSS#9 g![*GatnUR,S[.[0[24;Ga)[R "[R4"S55n[R6"UR'5S 5n[R6"US5nSUl[R6"US5nSUl[R6"US5nSUl[R6"US5nSUl[R6"US5n[R6"US5n[R6"US5n[R6"US5 SnAGNFUR,S[::Xa [=S5eeSnAff=f![*a(nUR,S[::Xa [=S5eeSnAff=f)$NTrrgrdrergrhrirrjzMACHINE\VGP\VTLA\SshCfg\SshDr}r~rr8rrrrrrzConfiguration Filerz+Represents Unix configuration file settingsrrr9r:rmr;rr?rrrr))r&rir'rjrUrkrrnr3rr5rrur>rrrrrrrrrvr-r.r/rrrr1rrrrr)rrr2rrr)rrrr?rrrrr}rrrirrrrrr8rmr~rrrrrr9settingsr=r;rdvaluers rBr(cmd_set_openssh.run s((*--dgg-M  i((AB%KH'>"EisWdC    !$ 0 MM'388: .  ! !$ ! 7y vvay:<<>>>>"**[*AB " h.>.>.@.=!? ]]=)<}}]F;0  mmM=I #P  ]]=,G ") }}]F;]]4> " j/ J  m];;55"$DEE1 z vvay33"$DEE   s8A;N:?:T<: T9ET4#T44T9< U.#U))U.r*rrr`rDrBr@r@ sf9H))--.. tW#JQTC )M .J>B'+`rDr@cD\rSrSrSr0r\"5\S'\"5\S'Srg) cmd_opensshiD z#Manage OpenSSH Group Policy Objectsrrr`N) rrrrr-rr6r@r r`rDrBrFrFD s$-K*,K(*KrDrFc \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r S /rSS jrSrg )cmd_list_startupiJ zList VGP Startup Script Group Policy from the sysvol This command lists the startup script policies currently set on the sysvol. Example: samba-tool gpo manage scripts startup list {31B2F340-016D-11D2-945F-00C04FB984F9} rar rrrrrrrNc UR5UlURURSS9UlU(a"UR S5(a USSnX lOD[ URUR5n[URURUS9Ul[USURURS9nURRS5nS RUR5S US S /5n [R"URU 55n U R-S5n U R,"S5n U R/S5HnUR-S5nS RS UR5S USSUR0/5nUR-S5nUR-S5nUb UR0nOSnUb UR0nOSnUR2R5SU<SU<SU<S35 M g![aOn U R S ["[$[&4;aSn A gU R S [(:Xa [+S5eeSn A ff=f)NTrrgrdrergrhrirrjrzScripts\Startup\manifest.xmlrrmr~rrscriptzMACHINE\VGP\VTLA\Unix\ScriptsStartup parametersrun_asrootrJz@reboot r<r%r<)rrrrrrr}rrirrrmrrrrJ script_pathrLrMs rBr(cmd_list_startup.runb s$((*--dgg-M  i((AB%KH'K%)),7J %%h/F!%'__  IIOOFK2<> ?7 vvay:<<>>vvay33"$DEE  s%H I+"I&#I&&I+r*r+rr`rDrBrHrHJ sa'H))--.. tW#JQTC )M J4?rDrHc \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9\ "S S S SSS9/r /SQrSSjrSrg)cmd_add_startupi zAdds VGP Startup Script Group Policy to the sysvol This command adds a startup script policy to the sysvol. Example: samba-tool gpo manage scripts startup add {31B2F340-016D-11D2-945F-00C04FB984F9} test_script.sh '\-n \-p all' z.%prog