Update:
I have revoked the privilege to BUILIN\Administratos. As before, no root
mapping.
root at member:/# net rpc rights revoke "BUILTIN\Administrators"
SeDiskOperatorPrivilege -U "MAD\luis"
Password for [MAD\luis]:
Successfully revoked rights.
root at member:/# net rpc rights list privileges SeDiskOperatorPrivilege -Uluis
Password for [MAD\luis]:
SeDiskOperatorPrivilege:
Reboot. Or else 'net cache flush && /etc/init.d/winbind restart
&& /etc/init.d/smbd restart'
I have delete and re-created the folder for there share (/test), chown
luis:?unix admins?, and chmod 0770
I still can set up the share from Windows no problem.
LP
On Jun 9, 2024 at 17:13 +0100, Rowland Penny via samba <samba at
lists.samba.org>, wrote:>
>
> Now what does this mean ? As you have proved, by default,
> BUILTIN\Administrators has the SeDiskOperatorPrivilege and guess what
> group is a default member of BUILTIN\Administrators, yes, it's Domain
> Admins. this means you do not have to give Domain Admins the
> SeDiskOperatorPrivilege, it already gets it from BUILTIN\Administrators.
>
> I will update the wikipage.
>
>