Over time I have ignored the fact that my AD administrator has stopped being able to administer. For example, the Ad administrator cannot install drivers or updates. Once a week now, I logout as workstation user and login as the "local administrator" to install drivers or run windows updates (in today's case a printer driver on the workstation.) Does this falls into that "gray area" between Samba and Windows OS (10Pro)? I am not sure where to post questions so, I am starting here. This seems to be a AD administrator permissions issue? Anyone else having this experience? Thoughts on how to correct this? -- Thank you. Bob Wooden
On Monday, 11 March 2019 07:34:41 PDT Robert Wooden via samba wrote:> Over time I have ignored the fact that my AD administrator has stopped > being able to administer. For example, the Ad administrator cannot install > drivers or updates. Once a week now, I logout as workstation user and login > as the "local administrator" to install drivers or run windows updates (in > today's case a printer driver on the workstation.) > > Does this falls into that "gray area" between Samba and Windows OS (10Pro)? > I am not sure where to post questions so, I am starting here. > > This seems to be a AD administrator permissions issue? Anyone else having > this experience? Thoughts on how to correct this? > >Hiya, What we've been doing is simply adding AD users to the local administrators group on a given machine. That, of course, would not scale if your problem is to grant a single AD user administrative privileges on a whole fleet instead of our use case of giving individual users local admin privileges on their individual machines. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part. URL: <http://lists.samba.org/pipermail/samba/attachments/20190312/8850d382/signature.sig>
Hi Robert,> Over time I have ignored the fact that my AD administrator has stopped > being able to administer. For example, the Ad administrator cannot install > drivers or updates. Once a week now, I logout as workstation user and login > as the "local administrator" to install drivers or run windows updates (in > today's case a printer driver on the workstation.) > > Does this falls into that "gray area" between Samba and Windows OS (10Pro)? > I am not sure where to post questions so, I am starting here. > > This seems to be a AD administrator permissions issue? Anyone else having > this experience? Thoughts on how to correct this?The administrator users is not necessarily local admin on workstation (and actually it shouldn't for security reasons). However it is the default setup if one has not messed up with the configuration. By default "local administrators" group on a workstation has "domain admins" as a member, and "domain admins" has "administrator" account as a member. So I guess you should check the membership of your "local administrators" group on your win10. Cheers, Denis>-- Denis Cardon Tranquil IT 12 avenue Jules Verne (Bat. A) 44230 Saint Sébastien sur Loire (FRANCE) tel : +33 (0) 240 975 755 http://www.tranquil.it Tranquil IT recrute! https://www.tranquil.it/nous-rejoindre/ Samba install wiki for Frenchies : https://dev.tranquil.it WAPT, software deployment made easy : https://wapt.fr
Maybe Matching Threads
- samba-tool group removemembers, not working
- Disabling or deleting domain "Administrator" account
- SCCM and other MS tools compatibility with Samba 4.x.x (Functional level 2008R2)
- Moving Samba AD DC from one VM host to another: Preauthentication failed
- Detect version of smb being employed