I've seem to be stuck. I come from a mostly POSIX background, & thrown into the deep-end on this one, so learning as I go along - so not sure if there's no solution, or if it's my own Dunning-Kruger at play.
Setup:
(Trying to keep as much of the back-end FLOSS, non-FLOSS only where can't escape)
- Running a CentOS (7) server
- Samba (4) Active Directory domain (Sernet repo) - replicated cluster
- W764-64 & W10p-64 testing VM's
- W10p-64 admin VM
- N windows desktops in several "departments"
So far it all looks OK: got basic, stable setup as per docs, pushed out some basic GPO's to network (eg. create a file in %TEMP%, or alike), so can confirm that basic GPO creation & permissions are OK.
gpupudate et al is all good.
What I now need to do is better target GPO's & test impact on smaller subset of desktops before deploying throughout the entire org.
What what I can gather (& this is where the limits of my w32-knowledge comes sharply into focus), this is achieved by creating & applying a WMI filter to said GPO.
From what I gather it seems to be a pretty vanilla SQL or SQL-like syntax, and the suggested manner of creating such statements is to use WMI Explorer to explore Namespaces & build said targeting queries. (quite nice actually)
Obviously the tool can poll localhost namespaces absolutely fine, but when I try to connect it to the DC's, I fail, as there is no WMI or RPC on a Linux/POSIX box to speak of (which seems obvious, but trying not to make too many assumptions).
This leaves me in a precarious position - I need to do what seems to be pretty normal sysadmin work, but Samba does not seem to support WMI (& the wiki seems to bear this out) which windows seems to rely heavily on & make extensive use of.
But I still need to find a good/stable way to take a more targeted & nuanced approach to deploying controls to a large number of hosts, and the assumed/suggested resources fall far short of the mark.