Even though Samba doesn't use all of the NT privileges, does it allow assigning them to domain users or groups? I.e. this list: |Group Policy Name |Constant Name | |Access this computer from the network |SeNetworkLogonRight | |Access Credential Manager as a trusted |SeTrustedCredManAccessPrivilege | |caller | | |Act as part of the operating system |SeTcbPrivilege | |Add workstations to domain |SeMachineAccountPrivilege | |Adjust memory quotas for a process |SeIncreaseQuotaPrivilege | |Allow log on locally |SeInteractiveLogonRight | |Allow log on through Terminal Services |SeRemoteInteractiveLogonRight | |Back up files and directories |SeBackupPrivilege | |Bypass traverse checking |SeChangeNotifyPrivilege | |Change the system time |SeSystemtimePrivilege | |Change the time zone |SeTimeZonePrivilege | |Create a pagefile |SeCreatePagefilePrivilege | |Create a token object |SeCreateTokenPrivilege | |Create global objects |SeCreateGlobalPrivilege | |Create permanent shared objects |SeCreatePermanentPrivilege | |Create Symbolic Links |SeCreateSymbolicLinkPrivilege | |Debug programs |SeDebugPrivilege | |Deny access to this computer from the |SeDenyNetworkLogonRight | |network | | |Deny access to this computer from the |SeDenyBatchLogonRight | |network | | |Deny log on as a service |SeDenyServiceLogonRight | |Deny log on locally |SeDenyInteractiveLogonRight | |Deny log on through Terminal Services |SeDenyRemoteInteractiveLogonRight| |Enable computer and user accounts to be |SeEnableDelegationPrivilege | |trusted for delegation | | |Force shutdown from a remote system |SeRemoteShutdownPrivilege | |Generate security audits |SeAuditPrivilege | |Impersonate a client after authentication|SeImpersonatePrivilege | |Increase a process working set |SeIncreaseWorkingSetPrivilege | |Increase scheduling priority |SeIncreaseBasePriorityPrivilege | |Load and unload device drivers |SeLoadDriverPrivilege | |Lock pages in memory |SeLockMemoryPrivilege | |Log on as a batch job |SeBatchLogonRight | |Log on as a service |SeServiceLogonRight | |Manage auditing and security log |SeSecurityPrivilege | |Modify an object label |SeRelabelPrivilege | |Modify firmware environment values |SeSystemEnvironmentPrivilege | |Perform volume maintenance tasks |SeManageVolumePrivilege | |Profile single process |SeProfileSingleProcessPrivilege | |Profile system performance |SeSystemProfilePrivilege | |Remove computer from docking station |SeUndockPrivilege | |Replace a process level token |SeAssignPrimaryTokenPrivilege | |Restore files and directories |SeRestorePrivilege | |Shut down the system |SeShutdownPrivilege | |Synchronize directory service data |SeSyncAgentPrivilege | |Take ownership of files or other objects |SeTakeOwnershipPrivilege | When I look at the "net sam rights" command -- I see no way to assign the privilege, but for Samba to act as a PDC, shouldn't it be able to manage all of the rights/priviledges even if it doesn't use them itself? How difficult would it be to manipulate the bits if the actual privs system is already in place? Linda