Windows 10 Support

From SME Server
Revision as of 10:36, 6 March 2018 by Jader (talk | contribs) (add section to REVERT win10samba.reg)
Jump to navigation Jump to search
PythonIcon.png Skill level: medium
The instructions on this page require a basic knowledge of linux.


Author

Flep based on windows_7_support of David Harper

Background

Windows 10 was released in July 2015. Due to changes in the way that trust relationships are established with domain controllers, some modifications to the windows registry needs to take place.

Join a Window 10 client to SME Server 8 or 9

Previously you needed to edit your Win10 registry to facilitate the joining of a SME Server Domain, however this can more easily be achieved by importing win10samba.reg fix by using either a usb key or by the network with http.

  • Save the Win10 registry patch (win10samba.reg) from https://your-server-ip/server-resources/regedit/ with your favourite web browser
  • On your windows desktop, start "regedit" from the start menu and import the win10samba.reg
  • Set your domain instead of your workgroup. Add the client machine to the domain as normal.
  • When asked on your Windows PC use the 'admin' username and your SME Server admins password.
  • You have to reboot your computer to reach the domain


  Tip:
To connect a windows 10 client to your domain, Go to the "start menu", right click on Settings, select "Accounts", select the link "Work Access", then " join or leave a Domain". Enter your servers "Domain" value in the domain field and 'Connect'. Enter the username of admin(*) with the servers admin password when asked.


(*) Admin or any user in the 'Domain Admins' group can join the domain.

MS Windows workgroup configuration

Go to the "start menu", right click on computer, select "System", select the link "System Info", then click on "Change settings" Tab. In the field for "Computer name, domain and workgroup settings", type your "workgroup".

Adding a Microsoft account to your domain account

  Note:
When you are using Windows 10 in a SME Server domain environment you will normally login with your domain account to be able to use network shares without entering your credentials. You can still login with a local account by using the 'Other user' option and entering the computer name as the domain in the Username box, like this: <ComputerName>\<LocalUsername>


If you want to be automatically signed into Microsoft's Cloud services (like you would when you login to Windows 10 with a Microsoft Account) you can add your Microsoft Account to your Domain account:

  • Go to: Start > Settings > Accounts > Your account
  • Scroll down to the section: 'Other accounts you use'
  • Click on the 'Add a Microsoft account' link and supply your credentials

Setting up network drives

If you are using SME Server as a domain controller and the workstations have joined the domain you can automate drive mapping and syncronise the PC time with the netlogon.bat file

Note: Chapter 13 has a method for admin to edit the netlogon.bat file without using the command line. You can consider also the chapter 7 on Configuring the Computers on Your Network

nano -w /home/e-smith/files/samba/netlogon/netlogon.bat
REM To set the time when clients logon to the domain:
net time \\servername /set /yes
REM To map a home directory to drive h:
net use h: /home /persistent:no
net use j: \\servername\ibay1 /persistent:no
net use p: \\servername\ibay2 /persistent:no
if exist Z: net use Z: /del /yes

and reset file to dos format

unix2dos /home/e-smith/files/samba/netlogon/netlogon.bat


Outlook 2016 on Win10

for both SME9 Bugzilla:10106 and SME10 Bugzilla:10169 a registry modification has been added to the default win10samba.reg. While setting up an email account on a windows 10 computer joined to a domain (with roaming profiles) you would get an error code: 0x8004011c without this.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\f9d8cd0-1501-11d1-8c7a-00c04fc297eb]
"ProtectionPolicy"=dword:00000001

notes about Window 10 and SME Server 10

As reported in Bugzilla:9555, with default configuration while samba 4.4.4-12 should be able to use SMB3_11 protocol and Windows 10 should ask for it, it could occurs that the negotiation fails, if so, please report.However, there seems two way to workaround this. First by editing the registry of windows clients:

 config setprop smb ServerMaxProtocol NT1 
 expand-template /etc/smb.conf
 service smb restart

An alternative would have been to patch the registry of every windows 10 client with the following:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\ParametersRegistry]
"SMB1"=dword:00000001
"SMB2"=dword:00000000


reverting win10samba.reg changes

If you need to revert back the win10samba.reg changes, this is the batch to do it:

@echo off
reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters /v "DNSNameResolutionRequired" /f
reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters /v "DomainCompatibilityMode" /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths /v "\\\\*\\netlogon" /f
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters /v "UseProfilePathExtensionVersion" /f
reg delete  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System /v "SlowLinkDetectEnabled" /f
reg delete  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System /v  "DeleteRoamingCache" /f
reg delete  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System /v "WaitForNetwork" /f
reg delete  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System /v  "CompatibleRUPSecurity" /f