my real problem is ntconfig.pol

Mike Brodbelt m.brodbelt at acu.ac.uk
Fri Feb 26 15:04:33 GMT 1999


EFT.Eric Devolder wrote:
> 
> Hello,
> 
> Now I'm sure the ntconfig.pol is *really* downloaded to the NT box.
> 
> The last problem is always: when logged in with Samba as PDC on the SAMBA
> domain, the user of the NT box can no longer start or stop services, change
> local user config, and so on. My question is: what do I have to incorporate
> into ntconfig.pol in order to allow this behavior?
> Do I have to recreate entries in this file for each user and/or machine that
> logs in? How can I do this? Please help!

This isn't really a Samba issue, it's just the same with an NT server.
An NT machine has a local SAM database where it stores user accounts. If
you make a user on the NT box a member of the Administrators group, they
gain admin rights to the box. The account with these rights will be
LOCALMACHINE\username. If you then make the machine a member of an NT
domain, the group DOMAIN\Domain Users will be added to
LOCALMACHINE\Users, and DOMAIN\Domain Administrators will be added to
LOCALMACHINE\Administrators.

If you have added user accounts so that the guy who previously logged in
as LOCALMACHINE\username now logs in as DOMAIN\username, then that
person will lose Admin rights to the local box, as DOMAIN\username is
*not* a member of the LOCALMACHINE\Administrators group. To change this,
run the User Manager on each NT workstation, and add the appropriate
domain user account to that workstation's local Administrators group.
This should fix your problem.

HTH

Mike.
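
The fix described in the reply above, scripted for a current Windows client, as an added example that is not part of the original post. It assumes the built-in Microsoft.PowerShell.LocalAccounts module and an elevated session; the function name `Grant-LocalAdmin` and the account `SAMBA\alice` are constructed for illustration.

```powershell
# Added example (not from the original post). Run elevated on the workstation.
# Grant-LocalAdmin is a hypothetical helper; 'SAMBA\alice' is a constructed name.

function Grant-LocalAdmin {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^[^\\]+\\[^\\]+$')]   # must look like DOMAIN\username
        [string] $DomainAccount
    )

    # S-1-5-32-544 is the well-known SID of the local Administrators group;
    # using it avoids depending on the group's localized display name.
    $adminSid = 'S-1-5-32-544'
    $members  = Get-LocalGroupMember -SID $adminSid

    # With -Verbose, list the current members: the domain groups that the
    # domain join placed here appear next to local accounts, which makes a
    # missing direct entry for the domain user easy to see.
    $members |
        Select-Object Name, ObjectClass, PrincipalSource |
        Format-Table -AutoSize | Out-String | Write-Verbose

    # -contains is case-insensitive, matching how Windows compares account names.
    if ($members.Name -contains $DomainAccount) {
        Write-Output "$DomainAccount is already a direct member; nothing to do."
        return
    }

    # Grant the single named account only, and honour -WhatIf / -Confirm.
    if ($PSCmdlet.ShouldProcess($DomainAccount, 'Add to local Administrators')) {
        Add-LocalGroupMember -SID $adminSid -Member $DomainAccount
        Write-Output "Added $DomainAccount to local Administrators."
    }
}

# Dry run: reports what would change without modifying the group.
Grant-LocalAdmin -DomainAccount 'SAMBA\alice' -WhatIf -Verbose
```

Drop `-WhatIf` to apply the change; re-running is safe because an existing direct membership is detected first.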

