On 2/21/2006 Augusto Flavio (aflavio@gmail.com) wrote:
> The machine joins with no problems in the domain. But
> all users of the domain don't have permission to
> shutdown, restart and any other operation that an
> "administrator" has.
You're thinking in Unix/Linux terms. A normal user on a Windows 
workstation DOES have the ability to shutdown/restart the Windows system.
> Look at this text that I found on samba.org (how to):
> 
> "When a Windows NT4 (or later) client joins a domain,
> the domain global Domain Admins group is added to the
> membership of the local Administrators group on the
> client. Any user who is a member of the domain global
> Domain Admins group will have administrative rights on
> the Windows client." (chapter 14. What Rights and
> Privileges Will Permit Windows Client Administration?)
> 
> What do I need to do for the users of samba (smbpasswd)
> to have the permissions of a local administrator?
This is really a bad idea, and it may not fix your problem anyway.
It is not necessary for a user to have Local Administrative privileges to 
shutdown or restart a workstation, so your problem is elsewhere.
What I do is add each User to their workstation as a Domain User, and 
make them a member of the Power Users Group. Alternatively (less 
administration), you could add the 'Domain Users' group to the 'Power
Users' group on each Local computer - that way each Domain User is 
automatically given Power User rights on the local computer, instead of 
normal Users rights (which is the default). The difference is, if you do 
it by Group, then any User can log in and have Power User privs at any 
workstation. Doing it on a per user basis, if any other user logs in at 
that workstation, they only have normal user privileges.
Unless, of course, you really want to lock them down, in which case 
don't do anything - the 'Domain Users' group is automatically a member
of the local computer's 'Users' group when the computer is joined to the 
domain (but you will most likely get complaints, and some software won't 
run properly without Power User privs).
-- 
Best regards,
Charles