Dirk.Laurenz@fujitsu-siemens.com
2005-Sep-01 14:39 UTC
AW: [Samba] Administrators and Users Rights for Windows workstations
Hi,
it's simple:
1.) put all users in YOURDOMAIN\Domain Users or YOURDOMAIN\Workstation Admins or
what you would like
2.) put this group (YOURDOMAIN\Domain Users, YOURDOMAIN\Workstation Admins) into
the local group
Administrators of each Workstation (you may use vbscript to automate
this...)
Mit freundlichem Gru?,
Dirk Laurenz
Systems Engineer
PSO - Professional Service Organisation
Fujitsu Siemens Computers
Hildesheimer Strasse 25
30880 Laatzen
Germany
Telephone: +49 (511) 84 89 - 18 08
Telefax: +49 (511) 84 89 - 25 18 08
Mobile: +49 (170) 22 10 781
Email: mailto:dirk.laurenz@fujitsu-siemens.com
Internet: http://www.fujitsu-siemens.com
http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html
*******************************************************************************************************************
________________________________
Von: samba-bounces+dirk.laurenz=fujitsu-siemens.com@lists.samba.org im Auftrag
von Edgar Fonseca
Gesendet: Do 01.09.2005 16:23
An: samba@lists.samba.org
Betreff: [Samba] Administrators and Users Rights for Windows workstations
Hello,
I having a problem with rights in Windows workstations. I want that all
users can be administrators of yours stations when they are logged in your
stations, but I don't want that they can see the share C$ of other stations.
They can see this because they are administrators of the domain.
They have primary group "Domain Admins". If I try put the users on
"Administrators" group, they can't logon. If I try put them on
"Domain
Users" group, they aren't administrators. If I put them in
"Administrators"
(primary group) and "Domain Users", they aren't administrators.
The only
possibility for the users log as administrators is that they are inserted in
"Domain Admins" group.
The problem is the C$. We thinking about use a script to remove this share
from Windows, but I'm not sure about if this solution is the best.
Does someone know about any solution for this problem?
I'm using samba 3.0.14 + LDAP
Thanks
Edgar
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
<https://pdbvpn1.fujitsu-siemens.com/https/0/lists.samba.org/mailman/listinfo/samba>
Edgar Fonseca
2005-Sep-01 19:45 UTC
[Samba] Administrators and Users Rights for Windows workstations
Hi, When the users are in Administrators group, they can map the C$ of all domain, even if they doesn't in "Domain Admins" group. Is it correct? If it's correct, I can't do this, because they can map. But your idea can be used on Power Users (I think). Because I don't want that the users be administrators, I want that they can do administratives works (example: install programs). I hadn't explain right, sorry. I was talking about it with other frinds, I think that other solution is put the users on "Domain Users" group and run a .reg , built with poledit, for push this file and give permission of install and others (many others) to users. Edgar 2005/9/1, Dirk.Laurenz@fujitsu-siemens.com <Dirk.Laurenz@fujitsu-siemens.com>: > > Hi, > it's simple: > 1.) put all users in YOURDOMAIN\Domain Users or YOURDOMAIN\Workstation > Admins or what you would like > 2.) put this group (YOURDOMAIN\Domain Users, YOURDOMAIN\Workstation > Admins) into the local group > Administrators of each Workstation (you may use vbscript to automate > this...) > Mit freundlichem Gru?, > > > Dirk Laurenz > Systems Engineer > PSO - Professional Service Organisation > Fujitsu Siemens Computers > Hildesheimer Strasse 25 > 30880 Laatzen > Germany > Telephone: +49 (511) 84 89 - 18 08 > Telefax: +49 (511) 84 89 - 25 18 08 > Mobile: +49 (170) 22 10 781 > Email: mailto:dirk.laurenz@fujitsu-siemens.com<dirk.laurenz@fujitsu-siemens.com> > Internet: http://www.fujitsu-siemens.com<http://https/0/webmail.abg.fsc.net/exchweb/bin/redir.asp?URL=http://www.fujitsu-siemens.com> > http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html<http://https/0/webmail.abg.fsc.net/exchweb/bin/redir.asp?URL=http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html> > > ******************************************************************************************************************* > > ------------------------------ > *Von:* samba-bounces+dirk.laurenz=fujitsu-siemens.com@lists.samba.org im > Auftrag von Edgar Fonseca > *Gesendet:* Do 01.09.2005 16:23 > *An:* samba@lists.samba.org > *Betreff:* [Samba] Administrators and Users Rights for Windows > workstations > > Hello, > > I having a problem with rights in Windows workstations. I want that all > users can be administrators of yours stations when they are logged in your > stations, but I don't want that they can see the share C$ of other > stations. > They can see this because they are administrators of the domain. > They have primary group "Domain Admins". If I try put the users on > "Administrators" group, they can't logon. If I try put them on "Domain > Users" group, they aren't administrators. If I put them in > "Administrators" > (primary group) and "Domain Users", they aren't administrators. The only > possibility for the users log as administrators is that they are inserted > in > "Domain Admins" group. > The problem is the C$. We thinking about use a script to remove this share > from Windows, but I'm not sure about if this solution is the best. > Does someone know about any solution for this problem? > > I'm using samba 3.0.14 + LDAP > > Thanks > > Edgar > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > <https://pdbvpn1.fujitsu-siemens.com/https/0/lists.samba.org/mailman/listinfo/samba> >