Group Policy Application Tool gpupdate 0.9.12 Released

A new release of gpupdate, a tool for applying group policies in Alt distributions, has been published. gpupdate's mechanisms apply group policies on client machines both at the system level and for individual users. gpupdate is part of Basalt SPO's alternative solution for implementing an Active Directory domain infrastructure under LinuxThe application supports MS AD or Samba DC domain infrastructure. gpupdate is written in Python and distributed under the GPLv3+ license. You can install gpupdate from the stable p10 branch of the ALT repositories.

The principle of operation of gpupdate is based on the implementation of group policies in Linux, which stores policies in the SysVol directory on controllers domainGPOA, a gpupdate submodule, accesses the domain controller's SysVol and loads all GPT Group Policy templates for the system and users (the Machine and User directories) and all directory information. The gpupdate tool parses .pol files and creates a database. GPOA retrieves its data from this registry, sorts it, processes it, and begins sequentially running the "appliers" modules.

Each of these modules is responsible for its own portion of the settings application. For example, there are modules related to the system kernel settings, desktop settings, peripherals, browser settings, and printer settings. Each module takes the portion of the database that pertains to it. For example, the Firefox applier will search the database for a line containing "firefox" and process only that portion of the database—namely, it will generate a JSON file from this information in the /etc/firefox/policies directory (as it is generated in Linux). Then, when the web browser starts, it accesses this directory and runs all the settings.

Changes in version 0.9.11.2:

  • All policies of the Firefox and Chromium web browsers are supported for the computer.
  • Added mechanisms for applying script policies - logon/logoff/startup/shutdown.
  • Mechanisms for applying system settings parameters (preferences): operations with files (Files), directories (Folders), configuration files (Ini-files).
  • Added a new action for updating the status of services in gpupdate-setup - the update key starts all necessary services when updating the involved gpupdate.
  • The application of user policies has been improved in terms of correct operation and security. Systemd now has a system timer, gpupdate.timer, and a user timer, gpupdate-user.timer, to monitor and control the execution time of the gpupdate.service service. The frequency of running gpupdate can be configured using a timer.
  • The loopback policy processing mode has been optimized - “Configuring the user group policy loopback processing mode.” This policy allows the settings of one GPO to override the settings of another GPO for users of that second GPO.

Features of version 0.9.12:

  • Added a mechanism for applying Yandex browser group policies to a computer.
  • Mechanisms for applying system settings parameters (preferences): settings of shared network resources for the user (network shares).
  • Added enumeration of domain controllers (DCs) with a configured SysVol directory if the automatically selected domain controller happens to have a SysVol that does not have group policies. By default, domain controller enumeration is disabled.
  • Added the ability to generate rules for all polkit actions via group policies; For each polkit-action, you can prepare an admx configuration template, which will be displayed in the console tree of the graphical tool for editing system and user GPUI configurations.
  • Fixed display of disk mounting policy for the user and added support for mounting for the computer:
    • Added support for disk label options;
    • Fixed a collision of drive letter names; drive letters are assigned as in Windows.
    • Replaced mount points to display shared resources:
    • /media/gpupdate/drives.system - for system resources;
    • /media/gpupdate/.drives.system - for hidden system resources;
    • /run/media/USERNAME/drives - for user shared resources;
    • /run/media/USERNAME/.drives - for hidden user shares.

Source: opennet.ru

Buy reliable hosting for sites with DDoS protection, VPS VDS servers 🔥 Buy reliable website hosting with DDoS protection, VPS VDS servers | ProHoster