Difference between revisions of "Windows 10 Support"
Line 34: | Line 34: | ||
Windows Registry Editor Version 5.00 | Windows Registry Editor Version 5.00 | ||
− | |||
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths] | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths] | ||
− | |||
"\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0" | "\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0" | ||
Revision as of 10:45, 1 September 2015
Author
Flep based on windows_7_support of David Harper
Background
Windows 10 was released in July 2015. Due to changes in the way that trust relationships are established with domain controllers, some modifications to the windows registry needs to take place.
Join a Window 10 client to SME Server 8 or 9
Previously you needed to edit your Win7 registry to facilitate the joining of a SME Server Domain, however this can more easily be achieved by importing win7samba.reg fix by using either a usb key or by the network with http.
- Save the Win7 registry patch (win7samba.reg) from https://your-server-ip/server-resources/regedit/ with your favourite web browser
- On your windows desktop, start "regedit" from the start menu and import the win7samba.reg
- Set your domain instead of your workgroup. Add the client machine to the domain as normal.
- When asked on your Windows PC use the 'admin' username and your SME Server admins password.
- You have to reboot your computer to reach the domain
(*) Admin or any user in the 'Domain Admins' group can join the domain.
Setting up network drives
In order to have logon script working you must add the following Keys in registry
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths] "\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"
If you are using SME Server as a domain controller and the workstations have joined the domain you can automate drive mapping and syncronise the PC time with the netlogon.bat file
Note: Chapter 13 has a method for admin to edit the netlogon.bat file without using the command line. You can consider also the chapter 7 on Configuring the Computers on Your Network
nano -w /home/e-smith/files/samba/netlogon/netlogon.bat
REM To set the time when clients logon to the domain: net time \\servername /set /yes REM To map a home directory to drive h: net use h: /home /persistent:no net use j: \\servername\ibay1 /persistent:no net use p: \\servername\ibay2 /persistent:no if exist Z: net use Z: /del /yes
and reset file to dos format
unix2dos /home/e-smith/files/samba/netlogon/netlogon.bat
Slow login with win10 to sme8/9 domain
With certain networks you may have an issue with a slow login to the SME Server domain due to a timeout issue on the network. In this case you should install a second patch (in first you have to install the win7samba.reg). The history of this patch can be found at bugzilla:7332
This is what you need to find in your server-ressources
cat /home/e-smith/files/server-resources/regedit/windows_samba_performance.reg
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] "SlowLinkDetectEnabled"=dword:00000000 "DeleteRoamingCache"=dword:00000001 "WaitForNetwork"=dword:00000000 "CompatibleRUPSecurity"=dword:00000001
After this you follow the usual way to add the patch to your windows registery
- Save the registry patch (windows_samba_performance.reg) from https://your-server-ip/server-resources/regedit/ with your favourite web browser
- On your windows desktop, start "regedit" from the start menu and import the windows_samba_performance.reg
Adding Windows 7 Support to SME Server 7
Configuring Clients
- Install the Windows 7 registry patch from http://yourserver/server-resources/
- Add the client machine to the domain as normal.
- Log in as the 'admin' user for the first time.
Refer to bugzilla:5897 and bugzilla:7002 for details of following error
Roaming Profiles
Windows 7 clients require that a version 2 profile folder exist in the profiles$ share, which on SME Server is located in /home/e-smith/files/samba/profiles.
This additional profile folder is automatically provisioned for existing users when the installing latest version of e-smith-samba (see bug 5423). After this point, all new user accounts have the folder created as soon as they are added.
Version 2 profiles are not compatible with Windows XP and earlier. If you have mixed environments you will be required to maintain two separate profiles for each user.