Aniruddha
2011-Aug-27 13:38 UTC
[Samba] What is the recommend method to give users local admin access?
What is the recommend method with a samba pdc to give users local administrator access to their workstations? In Samba4 / Active Directory I can use a group policy. For Samba I can add 'Domain Users' to the local administrator group following these instructions. http://www.samba.org/samba/docs/man/Samba3-HOWTO/groupmapping.html#id2598630Is there a better way to do this?
TAKAHASHI Motonobu
2011-Aug-27 14:22 UTC
[Samba] What is the recommend method to give users local admin access?
From: Aniruddha <mailingdotlist at gmail.com> Date: Sat, 27 Aug 2011 15:38:58 +0200> What is the recommend method with a samba pdc to give users local > administrator access to their workstations?If you have created "Domain Admins" global group, it automatically belongs to the Administrators localgroup in each workstations when it joins. So users belong to "Domain Admins" have administrative rights to each workstations. I recommend that "Domain Admins" global group should be created with rid=512 to grant administrative rights for its domain itself. --- TAKAHASHI Motonobu <monyo at monyo.com>
Christian PERRIER
2011-Aug-27 18:24 UTC
[Samba] What is the recommend method to give users local admin access?
Quoting Aniruddha (mailingdotlist at gmail.com):> What is the recommend method with a samba pdc to give users local > administrator access to their workstations? In Samba4 / Active Directory IGive them a local account with admin access? But not give that to their regular account? Seriously, don't give people habits of working with admin access to Windows machines. Really. If you really want to do this...and reinstall Windows clients every 6 months, then create a domain group (something like "ShootSelfInFoot") and put this global group in the "Administrators" local group on each client. Using "Domain Admins" is IMHO a wrong idea as this gives them more power than just having admin access to the local machines.
Aniruddha
2011-Aug-27 18:55 UTC
[Samba] What is the recommend method to give users local admin access?
On Sat, Aug 27, 2011 at 4:22 PM, TAKAHASHI Motonobu <monyo at monyo.com> wrote:> I recommend that "Domain Admins" global group should be created with > rid=512 to grant administrative rights for its domain itself. > >Thanks for the help. Unfortunately this would give them to much privileges.