NT registry Permission problem

Zhi-Wei Lu zwluxx at chopin.cipic.ucdavis.edu
Fri Feb 11 20:39:13 GMT 2000


I have finally figured out the problem. I think that it is due mainly
to NT rather than the SAMBA server.  I have to delete the local profile
on each NT machine and the NTUSER.DAT on the roaming profile.  After I
rejoin the samba controlled domain (2.0.6), I have the proper
registry permission now.  Apparently, when you rejoin a domain or
join a new domain (in my case, all samba controlled), the local profile
and the roaming profile conflict with each other, and the user ends up with
crippled privilege.  Thanks for all your help, especially Phil Mayers'
post on NTuser.dat file which shed some light on my problem.


-- 
Zhi-Wei Lu 		
CIPIC (Center for Image Processing and Integrated Computing)
UC Davis 	  	Phone:	(530)-752-0494
Davis, CA 95616		Fax:   	(530)-752-8894

> *sigh* ok.  i have some suspicions about where this is to be dealt with:
> in the "Other SIDS" part of the NET_USER_INFO_3.
> 
> ok.  at line 824 of rpc_server/srv_netlog.c, there is an argument "other
> sids" to init_net_user_info3().
> 
> can you make this "S-1-1-0" -- the "everyone" SID, and see what happens.
> please bear in mind that this may result in everyone being allowed access
> to the logged-in-user's desktop, user-profile, whatever, i really don't
> know.
> 
> so be careful.
> 
> On Sat, 12 Feb 2000, Burt Avery wrote:
> 
> > That parallels the origin of the locked HKCU problem I have been seeing
> > that causes the Tips and IE4Tour to run as if for the initial user startup.
> > User account had no access to rewrite any component of HKCU.
> > 
> > -ba-
> > 
> > At 10:25 AM 2/11/2000 +1100, Thien Vu wrote:
> > >I have confirmed that I have the same problem with non-admin users. Does 
> > >anyone know of a fix for this problem?? It prevents several of my users from 
> > >having any preferences saved, setting a default printer and several other 
> > >critical issues.
> > >
> > >Seems to be a very serious problem. I ran regedt32 and looked at the 
> > >permissions on HKEY_CURRENT_USERS hive, and Everyone has READ permission, 
> > >but only System and the Local Administrator have FULL CONTROL. I will try to 
> > >set this hive to allow Everyone to have FULL CONTROL because this hive gets 
> > >dumped back to the NTUSER.DAT file in the profiles right??
> > >
> > >Thien Vu
> > >
> > >
> > >>From: Zhi-Wei Lu <zwluxx at chopin.cipic.ucdavis.edu>
> > >>Reply-To: zwluxx at chopin.cipic.ucdavis.edu
> > >>To: Multiple recipients of list SAMBA-NTDOM <samba-ntdom at samba.org>
> > >>Subject: NT registry Permission problem
> > >>Date: Thu, 10 Feb 2000 11:42:32 +1100
> > >>
> > >>Dear Samba gurus,
> > >>
> > >>I have been running samba Head-branch for over half a year.  I am running the
> > >>PDC on an SGI IRIX 6.5.6m O2 machine.  I downloaded and compiled the
> > >>head-branch code on July 23, 1999.  The samba PDC had been running just fine
> > >>until recently, I noticed that the smbd leaks memory very quickly.
> > >>
> > >>I downloaded the latest CVS head-branch on Feb. 2 and compiled the code, the
> > >>PDC will let NT domain users log into the NT machine, but it failed to
> > >>grant them the privilege to write to local user registry, such as adding
> > >>a new key in HKEY_CURRENT_USER\Software. Therefore, many programs do not
> > >>work right at all. I then switched to the main branch 2.0.6,
> > >>the same problem happened too (Of course, I have to rejoin the samba domain
> > >>for an NT workstation).  I am using the same smb.conf file for all three
> > >>cases.
> > >>
> > >>I have set up a test domain to test the 2.0.6 on SGI, digital UNIX, and
> > >>on Linux machines.  I have encountered similar problems consistently.  I still
> > >>haven't tracked down the root of the problem.  Does anybody experience
> > >>a similar problem?
> > >>
> > >>Thank you for your help in advance.
> > >>
> > >>Zhi-Wei Lu
> > >>CIPIC (Center for Image Processing and Integrated Computing)
> > >>UC Davis                Phone:  (530)-752-0494
> > >>Davis, CA 95616         Fax:    (530)-752-8894
> > >
> > 
> > 
> > Burt Avery
> > Computer Systems Engineer
> > LSP
> > Department of Biomedical Engineering
> > University of Virginia
> > Charlottesville, VA 22908
> > 804-924-8065 (w)
> > 804-245-5813 (h)
> > 
> 
> <a href="mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton    </a>
> <a href="http://cb1.com/~lkcl"  > Samba and Network Development   </a>
> <a href="http://samba.org"      > Samba Web site                  </a>
> <a href="http://www.iss.net"    > Internet Security Systems, Inc. </a>
> <a href="http://mcp.com"        > Macmillan Technical Publishing  </a>
>  
> ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
> 




