barış tombul
2016-Sep-08 06:46 UTC
[Samba] samba Printer Privilege (cannot add or remove anything with regards to Printers at regedit)
we have logged in as administrator
opened regedit
Connect Network Registry
we couldnt add or remove anything to "HKEY_LOCAL_MACHINE\SYSTEM\Cu
rrentControlSet\Control\Print\Printers"
could you please help us to find what is missing?
# net rpc rights list accounts -Uadministrator
Enter administrator's password:
BUILTIN\Print Operators
SeLoadDriverPrivilege
SeShutdownPrivilege
SeInteractiveLogonRight
SePrintOperatorPrivilege
BUILTIN\Account Operators
SeInteractiveLogonRight
FACILITY\btombul
SePrintOperatorPrivilege
BUILTIN\Backup Operators
SeBackupPrivilege
SeRestorePrivilege
SeShutdownPrivilege
SeInteractiveLogonRight
FACILITY\Domain Admins
SePrintOperatorPrivilege
SeMachineAccountPrivilege
SeAddUsersPrivilege
SeRemoteShutdownPrivilege
SeDiskOperatorPrivilege
SeTakeOwnershipPrivilege
BUILTIN\Administrators
SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeSystemtimePrivilege
SeShutdownPrivilege
SeRemoteShutdownPrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeSystemProfilePrivilege
SeProfileSingleProcessPrivilege
SeIncreaseBasePriorityPrivilege
SeLoadDriverPrivilege
SeCreatePagefilePrivilege
SeIncreaseQuotaPrivilege
SeChangeNotifyPrivilege
SeUndockPrivilege
SeManageVolumePrivilege
SeImpersonatePrivilege
SeCreateGlobalPrivilege
SeEnableDelegationPrivilege
SeInteractiveLogonRight
SeNetworkLogonRight
SeRemoteInteractiveLogonRight
SePrintOperatorPrivilege
BUILTIN\Server Operators
SeBackupPrivilege
SeSystemtimePrivilege
SeRemoteShutdownPrivilege
SeRestorePrivilege
SeShutdownPrivilege
SeInteractiveLogonRight
FACILITY\Administrator
SeAddUsersPrivilege
SeMachineAccountPrivilege
SeRemoteShutdownPrivilege
SeDiskOperatorPrivilege
BUILTIN\Pre-Windows 2000 Compatible Access
SeRemoteInteractiveLogonRight
SeChangeNotifyPrivilege
smb.conf
cat /usr/local/samba/etc/smb.conf
# Global parameters
[global]
workgroup = TEST
realm = TEST.LOCAL
netbios name = TESTX
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
template shell = /bin/bash
template homedir = /home/%U
winbind enum users = yes
winbind enum groups = yes
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config FACILITY : backend = ad
idmap config FACILITY : schema_mode = rfc2307
idmap config FACILITY : range = 10000-20000
load printers = No
use client driver = No
show add printer wizard = Yes
printcap cache time = 0
printcap name = cups
cups encrypt = No
cups connection timeout = 60
disable spoolss = No
min print space = 0
max reported print jobs = 0
max print jobs = 1000
print notify backchannel = No
printing = cups
cups options = raw
default devmode = Yes
force printername = Yes
printjob username = %U
lpq cache time = 30
spoolss: architecture = Windows x64
[netlogon]
path = /usr/local/samba/var/locks/sysvol/test.local/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[home]
path = /home/samba/home
read only = No
[data]
comment = test share
path = /home/data
read only = no
vfs objects = recycle
recycle:directory_mode = 0770
recycle:subdir_mode = 0700
recycle:versions = Yes
recycle:keeptree = Yes
recycle:touch = Yes
recycle:repository = .recycle
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
browseable = yes
guest ok = no
printable = yes
create mode=0700
write list = administrator "@Domain Admins
[print$]
comment = Printer Drivers
path = /mnt/storage/printer_drivers
invalid users = qwerty
valid users = @"Domain Users"
admin users = @"Domain Admins"
write list = root administrator
writeable = Yes
read only = Yes
browseable = Yes
guest ok = Yes
create mask = 0660
create mask = 0644
force create mode = 0660
force directory mode = 0770
directory mask = 0755
acl_xattr:ignore system acl = yes
Reasonably Related Threads
Wisdom of the Ancients
