Hello,

I recently moved a samba fileserver and PDC to a new server. Since then, all Windows Users have very limited permissions, not allowing changing even the time settings. Before moving the server, each Windows user had the same rights as a "Standard User" or "Main User" (not sure about the English term, using a German Windows. In German it's called "Hauptbenutzer"). So, how do I change it back that all users have standard permissions again?

We also installed a W2003 Server in the network, but NOT working as a domain controller, we just needed a MS SQL Server. I hope that this server did not interfere somehow.

Samba Config:
http://www.pastebin.org/15766

master ~ # net groupmap list
Domain Admins (S-1-5-21-4263839513-3419836531-2732121395-512) -> ntadmin
Domain Guests (S-1-5-21-4263839513-3419836531-2732121395-514) -> nobody
Domain Users (S-1-5-21-4263839513-3419836531-2732121395-513) -> users

All Users I am talking about are in the Linux Groups "users".

Any ideas?

--
www.stonki.de: the more I see, the more I know.......
www.proftpd.de: German ProFTPD documentation
www.krename.net: The batch renamer for KDE
www.kbarcode.net: The barcode solution for KDE

Stefan Onken wrote:
> Hello,
>
> I recently moved a samba fileserver and PDC to a new server. Since
> then, all Windows Users have very limited permissions, not allowing
> changing even the time settings. Before moving the server, each
> Windows user had the same rights as a "Standard User" or "Main
> User" (not sure about the English term, using a German Windows. In
> German it's called "Hauptbenutzer"). So, how do I change it back
> that all users have standard permissions again?
>
> We also installed a W2003 Server in the network, but NOT working as
> a domain controller, we just needed a MS SQL Server. I hope that
> this server did not interfere somehow.
>
> Samba Config:
> http://www.pastebin.org/15766
>
> master ~ # net groupmap list
> Domain Admins (S-1-5-21-4263839513-3419836531-2732121395-512) -> ntadmin
> Domain Guests (S-1-5-21-4263839513-3419836531-2732121395-514) -> nobody
> Domain Users (S-1-5-21-4263839513-3419836531-2732121395-513) -> users
>
> All Users I am talking about are in the Linux Groups "users".
>
> Any ideas?

You probably want to make the "Domain Users" group a member of the local machine's "Power Users" or "Administrators" group (or "Hauptbenutzer" in your case).

If you log on to each workstation as an administrator and run

net localgroup "Power Users" "DOMAINNAME\Domain Users" /add

You could make your users domain admins, but that would give them admin access to servers, etc. as well, which you probably don't want.

Michael Heydon - IT Administrator
michaelh@jaswin.com.au

Stefan Onken wrote:
> Hello,
>
> I recently moved a samba fileserver and PDC to a new server. Since
> then, all Windows Users have very limited permissions, not allowing
> changing even the time settings. Before moving the server, each
> windows user had the same rights as a "Standard User" or "Main
> User" (not sure about the english term, using a German windows. In
> German its called "Hauptbenutzer"). So, how do I change it back
> that all users have standard permissions again ?
>
> We also installed a W2003 Server in the network, but NOT working as
> a domain controller, we just needed a MS SQL Server. I hope that
> this server did not interfere somehow.
>
> Samba Config:
> http://www.pastebin.org/15766
>
> master ~ # net groupmap list
> Domain Admins (S-1-5-21-4263839513-3419836531-2732121395-512) -> ntadmin
> Domain Guests (S-1-5-21-4263839513-3419836531-2732121395-514) -> nobody
> Domain Users (S-1-5-21-4263839513-3419836531-2732121395-513) -> users
>
> All Users I am talking about are in the Linux Groups "users".
>
> Any ideas ?

A time change by default in Windows requires a user to be in the "Power Users" group. There is a group with normal access BELOW that level (whose name escapes me) that users end up in unless something special is done.

Not sure if or how that helps you, but that's what I know.

--
Ryan Novosielski - Systems Programmer II
novosirj@umdnj.edu - 973/972.0922 (2-0922)
Univ. of Med. and Dent. | IST/AST - NJMS Medical Science Bldg - C630

On Thursday, 17 January 2008, Ryan Novosielski wrote:
> A time change by default in Windows requires a user to be in the
> "Power Users" group. There is a group with normal access BELOW
> that level (whose name escapes me) that users end up in unless
> something special is done.

Thanks. With the right mapping the users are now able to change the time...

--
www.stonki.de: the more I see, the more I know.......
www.proftpd.de: German ProFTPD documentation
www.krename.net: The batch renamer for KDE
www.kbarcode.net: The barcode solution for KDE
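
Added example, not part of the original posts: a check of `net groupmap list` output after a PDC move like the one in this thread, flagging missing well-known mappings, a changed domain SID, nonexistent Unix groups, and ordinary users sharing the Domain Admins group. The function names, the expected-SID and Unix-group parameters, and the second sample are assumptions made for illustration.

```python
import re

# Well-known domain RIDs a Samba PDC is expected to map to Unix groups.
WELL_KNOWN = {512: "Domain Admins", 513: "Domain Users", 514: "Domain Guests"}
# One line of `net groupmap list`: NT group (domain SID-RID) -> unix group
LINE_RE = re.compile(r"^(.+?) \((S-1-[\d-]+)-(\d+)\) -> (\S+)$")

def parse_groupmap(text):
    """Return (nt_group, domain_sid, rid, unix_group) for each mapping line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2), int(m.group(3)), m.group(4)))
    return entries

def audit_groupmap(text, expected_domain_sid, unix_groups):
    """Return findings as strings; an empty list means nothing was flagged."""
    entries = parse_groupmap(text)
    by_rid = {rid: unix for _, sid, rid, unix in entries if sid.startswith("S-1-5-21-")}
    findings = [f"no mapping for {name} (RID {rid})"
                for rid, name in WELL_KNOWN.items() if rid not in by_rid]
    for nt, sid, rid, unix in entries:
        if sid.startswith("S-1-5-21-") and sid != expected_domain_sid:
            findings.append(f"{nt}: domain SID differs from the expected one")
        if unix not in unix_groups:
            findings.append(f"{nt}: Unix group {unix!r} does not exist")
    # Least privilege: ordinary users must not share the Domain Admins group.
    if 512 in by_rid and by_rid.get(513) == by_rid[512]:
        findings.append("Domain Users and Domain Admins map to the same Unix group")
    return findings

# Output as posted in the thread.
PAGE_OUTPUT = """\
Domain Admins (S-1-5-21-4263839513-3419836531-2732121395-512) -> ntadmin
Domain Guests (S-1-5-21-4263839513-3419836531-2732121395-514) -> nobody
Domain Users (S-1-5-21-4263839513-3419836531-2732121395-513) -> users
"""
OLD_SID = "S-1-5-21-4263839513-3419836531-2732121395"  # assumed: the old PDC's SID
# Constructed sample: new domain SID, no Domain Guests, admins share "users".
CONSTRUCTED = """\
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> users
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> users
"""

if __name__ == "__main__":
    print(audit_groupmap(PAGE_OUTPUT, OLD_SID, {"ntadmin", "nobody", "users"}))
    print(audit_groupmap(CONSTRUCTED, OLD_SID, {"ntadmin", "nobody", "users"}))
```

On a live server the expected SID would come from the old PDC (for example via `net getlocalsid`) and the Unix group set from the system's group database.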