BackgroundAs you know, Centrified systems can process group policies (basics here). However, did you know that there is a group policy object named "Copy files" that can be used to:
- Distribute files
- Make sure config files stay consistent
- Deploy software
- and many many more creative uses.
|The copy files GPO|
It's located under Computer Configuration > Centrify Settings > Common UNIX Settings
How does it work?
The copy-file GPO uses the Centrify agent's GP engine along with adsmb and the computer credentials to connect to the AD SYSVOL (or an alternate share) and obtain the files and it will place it in the target folder of the Unix/Linux or Mac system.
|Copy-file GPO options|
Because adclient is a privileged process the destination file can be manipulated (permissions, ownership, etc.). The file gets copied under two conditions:
Considerations when using this GPO (and group policies in general):
- Perl needs to be installed. (5.8 minimum as of 9/2014)
- The sysvol or alternate share have to be reachable, therefore the requirements to make a CIFS connection are in play. This may be undesirable in firewall scenarios.
- When writing to sysvol, an appropriate AD account needs to be used.
- Group Policy Objects for users are not enabled on *NIX by default, they are on the Mac.