Raj,> I have noticed that it is causing a problem for some other software > also. I know that i need to grant local admin rights for that user > but what is the best method on doing this? > If I try to access softare by logging in as root on the win2k boxon > the pdc domain it still prevents me from installing a palm pilot or > running some particular software. > All of the software that needs some sort of admin priveledges work > fine if you logon as administrator to the local machine.Domain users are common users with limited privileges. This is by design and affects pure Windows domains also. Several non MS software products are written pretty badly and rely on changes to be written to system registry but common users usually do not have permission to alter registry keys. You need to change the registry keys in question in order to get your "special" software to work properly for local common users and domain users. Get regmon, a nice tool to monitor registry access at http://www.sysinternals.com/ntw2k/source/regmon.shtml and - login as domain user - runas /user:administrator regmon - change regmon's filter to include "ACCDENIED" - start palm software as usual and watch the ACCDENIED flying by :-) - double click on one of the ACCDENIED entries and change security settings for the registry key This is a tedious and time consuming approach to fix one or the other software package, but at least the only reliable method I know of. You may want to try to add the domain users group to the local power user group - didn't work for us at that time. Things might change when Samba 3.0 is released and group mapping support will be available (?) Good luck, Uli
Uli,
I will give this a shot and let everyone know. Yeah for most users it is
ok but some scientific software especially when they look up license keys
are really bad.
Thanks,
Raj
-----Original Message-----
From: samba-bounces+rajan=ipisland.com@lists.samba.org
[mailto:samba-bounces+rajan=ipisland.com@lists.samba.org]On Behalf Of
Ulrich Kohlhase
Sent: Sunday, March 16, 2003 9:34 AM
To: samba@lists.samba.org
Subject: Re: [Samba] local user admin rights on samba pdc
Raj,
> I have noticed that it is causing a problem for some other software
> also. I know that i need to grant local admin rights for that user
> but what is the best method on doing this?
> If I try to access softare by logging in as root on the win2k boxon
> the pdc domain it still prevents me from installing a palm pilot or
> running some particular software.
> All of the software that needs some sort of admin priveledges work
> fine if you logon as administrator to the local machine.
Domain users are common users with limited privileges. This is by design and
affects pure Windows domains also. Several non MS software products are
written pretty badly and rely on changes to be written to system registry
but common users usually do not have permission to alter registry keys. You
need to change the registry keys in question in order to get your
"special"
software to work properly for local common users and domain users.
Get regmon, a nice tool to monitor registry access at
http://www.sysinternals.com/ntw2k/source/regmon.shtml
and
- login as domain user
- runas /user:administrator regmon
- change regmon's filter to include "ACCDENIED"
- start palm software as usual and watch the ACCDENIED flying by :-)
- double click on one of the ACCDENIED entries and change security settings
for the registry key
This is a tedious and time consuming approach to fix one or the other
software package, but at least the only reliable method I know of. You may
want to try to add the domain users group to the local power user group -
didn't work for us at that time. Things might change when Samba 3.0 is
released and group mapping support will be available (?)
Good luck,
Uli
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.461 / Virus Database: 260 - Release Date: 3/10/2003
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.461 / Virus Database: 260 - Release Date: 3/10/2003
We have weird problems with several software packages if domain users are not part of the local machine's power users group. I've taken to adding the 'authenticated users' local group to the 'power users' local group. Under Win 2K Open the 'users and passwords' control panel, go to the 'advanced' tab and click on the 'advanced' button. Now open the 'groups' folder and double click on the 'power users' group. Click on the 'add' button to open up the window that allows this manipulation (you may need to set the pull down menu to look at the local machine, rather than at the Domain) double click on the 'authenticated users' and click 'OK' Now any domain user is a power user on that machine Under XP Pro Open 'user accounts' control panel, go to the 'advanced' tab and click on the 'advanced' button. Now open the 'groups' folder and double click on the 'power users' group. Click on the 'add' button. Click on the 'Location' button to set the location to be the local PC (NOT the Samba domain). Now click the 'advanced' button. Now click the 'Find now' button. Click on 'Authenticated users' and click OK. Click OK two more times to finish up. Now all domain users are power users.