samba - Dec 2010 - Root Access forWindows Domain Admins

To put it simple id like to give our Domain Admins the same access to 
Samba shares that the root user has and havent had much luck doing this. 
Whenever I look this up I find that people are doing this different ways 
but none seem to work. The only other thing that ive seen people doing 
is adding a domain user to the sudoers list but that means the domain 
user has to be logged into the linux server and then elevate their 
privileges.

George

> To put it simple id like to give our Domain Admins the same access to 
> Samba shares that the root user has and havent had much luck doing 
> this. Whenever I look this up I find that people are doing this 
> different ways but none seem to work. The only other thing that ive 
> seen people doing is adding a domain user to the sudoers list but that 
> means the domain user has to be logged into the linux server and then 
> elevate their privileges.
You may in fact be talking about different things, but the main ones I 
can remember now are:

Admin rights at share level (can also be used as a global parameter)

In smb.conf:

admin users = "@[yourdoamin]\Domain Admins"

If you are talking about privileges:

net rpc rights list
net rpc rights grant

The possible privileges are:

SeMachineAccountPrivilege    Add machines to domain
SeTakeOwnershipPrivilege Take ownership of files or other objects
SeBackupPrivilege  Back up files and directories
SeRestorePrivilege  Restore files and directories
SeRemoteShutdownPrivilege  Force shutdown from a remote system
SePrintOperatorPrivilege  Manage printers
SeAddUsersPrivilege  Add users and groups to the domain
SeDiskOperatorPrivilege  Manage disk shares
SeSecurityPrivilege  Manage auditing and security log

For example:

net rpc rights grant "Domain Admins" SeMachineAccountPrivilege