Your storage system supports Group Policy Objects (GPOs), a collection of group policy settings that apply to computers in an Active Directory environment.
When CIFS and GPOs are enabled on your storage system, Data ONTAP sends LDAP queries to the Active Directory server requesting GPO information. If there are GPO definitions that are applicable to your storage system, the Active Directory server returns the following GPO information:
- GPO name
- Current GPO version
- Location of the GPO definition
- Lists of UUIDs (universally unique identifiers) for GPO policy sets
Note: For more information about Windows GPOs, see the Microsoft web site.
Although not all GPOs are applicable to your storage system, the storage system can recognize and process the relevant set of GPOs.
The following GPOs are currently supported for your storage system:
- Startup and shutdown scripts
- Group Policy refresh interval for computer (includes random offset)
- File System security policy
- Restricted Groups security policy
- Event Log policy
- Auditing policy
- Take Ownership user right
- Manage Auditing and Security Logs user right
Note: Event Log and Auditing policy settings are applied differently to storage systems than to Windows systems. Also, if you define a Take Ownership user list or group list that does not contain Windows built-in administrator accounts, these administrators lose Take Ownership privileges.