NTW 4.0 Workstation Admin Rights

James S.Seymour jseymour at LinxNet.com
Sun Nov 12 16:05:14 GMT 2000

jseymour at linxnet.com (Jim Seymour) wrote:
> "Roman, James (J.D.)" <jroman6 at ford.com> wrote:
> > 
> > As best as I can tell, 2.0.7 only provides you with one option for
> this type
> > of administration.  If you set the 
> > 
> > domain admin group = @unixgroupname
> > (make sure you have the @ sign)
> > 
> > This will allow everyone who logs in to the workstations to have
> local admin
> > rights.  ...
> [remainder snipped]
> > 

Just to close-up this thread (maybe), here's what I found works:

    1. Logged on as the *workstation* Admin account, gave the user
       workstation Admin rights.

    2. Logged on to the NT Domain account as the user, gave the user's
       *domain* account workstation Admin rights.

This gives the user, whether logged on under the workstation "domain"
or the NT Domain, workstation Admin rights.  Thus, server-based scripts
that set time, setup routing, etc. will work.  A down-side to this is
that you have to do it for each user on each workstation.

I suppose the other option might be to go the "domain admin group"
route, create an "administrator" user, and somehow get this stuff to
execute on boot as a service, or whatever.  I've done things like that
before, but don't recall exactly how I accomplished it.

Anyway, method #1 worked for me.  Of course, there are workstation
security implications.


Jim Seymour                  | PGP Public Key available at:
jseymour at jimsun.LinxNet.com  | http://www.cam.ac.uk.pgp.net/pgpnet/wwwkeys.html
http://jimsun.LinxNet.com    | http://www.trustcenter.de/cgi-bin/SearchCert.cgi

More information about the samba-ntdom mailing list