Windows 8 Support

From SME Server
Revision as of 11:45, 2 December 2020 by Stabilys (talk | contribs) (→‎Background)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
PythonIcon.png Skill level: medium
The instructions on this page require a basic knowledge of linux.


Background

Windows 8.1 reached the end of Mainstream Support on January 9, 2018; unless you purchase extended support, the only Microsoft-supported Windows version now is Windows 10. We strongly recommend you do not use versions of Windows unsupported by Microsoft.

Windows 8 was released in december 2012. Due to changes in the way that trust relationships are established with domain controllers, older versions of Samba (need at least 3.6.6) do not allow Windows 8 clients to log in once joined to a domain. see bugzilla:7172

Join a SME Server 8.0 Domain with Win8

Previously you needed to edit your Win8 registry to facilitate the joining of a SME Server Domain, however this can more easily be achieved by importing win8samba.reg fix by using either a usb key or by the network with http.


  Note:
The win8samba.reg is not yet in the smeupdates repository, you can see the bugzilla:7172 if you can not find it in you server-resources.


At least you need :

[root@sme8dev ~]# rpm -qa e-smith-samba
e-smith-samba-2.2.0-58.el5.sme
  • Save the Win8 registry patch (win8samba.reg) from https://your-server-ip/server-resources/regedit/ with your favourite web browser.
  • On your windows desktop, start "regedit" from the search menu in the top right corner and import the win8samba.reg.
  • Set your domain instead of your workgroup. Add the client machine to the domain as normal.
  • When asked on your Windows PC use the 'admin'(*) username and your SME Server admins password.
  • You should get back the response 'Connected to Domain'
  • You have to reboot your computer to reach the Domain


  Tip:
To connect a windows 8 client to your SME Server Domain, Go to the Top right corner of your Desktop, select "settings" and then "PC Info", select the link "change Settings", then click on "Change" Tab.. Enter your servers "Domain" value in the domain field and 'Connect'. Enter the username of admin(*) with the servers admin password when asked, and You should get back the response 'Connected to Domain'. Reboot the computer to reach the Domain.


(*) Admin or any user in the 'Domain Admins' group can join the domain.


  Note:
You will receive one warning about DNS domain name configuration after the join has succeeded:
  "Changing the Primary Domain DNS name of this computer to "" failed.
   The name will remain "MYDOM".  The error was:
   
   The specified domain either does not exist or could not be contacted" 

But this error can safely be ignored or, if you run Windows 7, silenced by a hotfix, that was published by Microsoft: KB2171571: You incorrectly receive an error message when you join a computer that is running Windows 7 or Windows Server 2008 R2 to a Samba 3-based domain.


Microsoft Account or Local account

  Note:
When you are using Windows 8 in a SME Server domain environment, you will not be able to use a Microsoft account to sign into a SME Server Domain. Indeed your Microsoft account is not recognized by the server after the login and you have to give your password for each network share you want to reach on the SME Server


There are two types of Windows 8 User accounts to choose from:

  • Microsoft account

When you sign into Windows 8 with a Microsoft account:

  1. You must associate an email address with your Windows 8 User account.
  2. Microsoft apps automatically update online content.
  3. Your settings will be synced across other Windows 8 PCs you use.


  • Local account

When you sign into Windows 8 with a Local account:

  1. You are not required to associate an email address with your Windows 8 User account.
  2. You will have to create a new user account for each Windows 8 PC you use.
  3. Your settings won't be synced across the Windows 8 PCs you use.


If you are not worried about being instantly and directly connected to the Cloud or the Windows Store and are not interested in having your settings synced between multiple Windows 8 systems, then you may want to sign in to Windows 8 using a Local account. This Local Account is mandatory if you want to use all the services that an SME Server Domain can give to you.

Now, be aware that when you use a Local account, you will still be able to access everything in the Windows Store or SkyDrive, but accessing them will require that you first sign in with your Microsoft account credentials. For example, the first time that you attempt to access SkyDrive, you'll have to enter your Microsoft account credentials. After you do so for the first time, your credentials will be saved. Once your credentials are saved, you will be able to access the service just as if you were using a Microsoft account.


  Tip:
To change a Microsoft Account to a Local Account, Go to the Top right corner of your Desktop, select "settings" and then "Change Pc settings", select the link "Switch to local account", give the user password and select "next". Enter your user values in the local account field and press "Next". The new local account will be added


Setting up network drives

In order to have logon script working you must add the following Keys in registry

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
"\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"


If you are using SME Server as a domain controller and the workstations have joined the domain you can automate drive mapping and syncronise the PC time with the netlogon.bat file

Note: Chapter 13 has a method for admin to edit the netlogon.bat file without using the command line. You can consider also the chapter 7 on Configuring the Computers on Your Network

nano -w /home/e-smith/files/samba/netlogon/netlogon.bat
REM To set the time when clients logon to the domain:
net time \\servername /set /yes
REM To map a home directory to drive h:
net use h: /home /persistent:no
net use j: \\servername\ibay1 /persistent:no
net use p: \\servername\ibay2 /persistent:no
if exist Z: net use Z: /del /yes

and reset file to dos format

unix2dos /home/e-smith/files/samba/netlogon/netlogon.bat

Slow login with win8 to sme8 domain

With certain networks you may have an issue with a slow login to the SME Server domain due to a timeout issue on the network. In this case you should install a second patch (in first you have to install the win8samba.reg).

This is what you need to find in your server-ressources

cat /home/e-smith/files/server-resources/regedit/windows_samba_performance.reg 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"SlowLinkDetectEnabled"=dword:00000000
"DeleteRoamingCache"=dword:00000001
"WaitForNetwork"=dword:00000000
"CompatibleRUPSecurity"=dword:00000001


After this you follow the usual way to add the patch to your windows registery

  • Save the registry patch (windows_samba_performance.reg) from https://your-server-ip/server-resources/regedit/ with your favourite web browser
  • On your windows desktop, start "regedit" from the start menu and import the windows_samba_performance.reg