FW: Speed comp. TNG & 2.2.alpha (fwd)

Luke Kenneth Casson Leighton lkcl at samba-tng.org
Mon Mar 12 11:51:27 GMT 2001

there is a way to deal with this.

you have to create an alias on the local workstation.

make this alias the owner of the files.

then, make a domain group and place the domain user that needs to access /
own that file in it.

then, make the domain group a member of the workstation alias.

oh, and remember to add local admin to the workstation alias, as well.
and maybe a local workstation user, too.

when the workstation is no longer a member of the domain, the files will
not get "unknown account" and be inaccessible.

also, the local workstation user - _especially_ if the domain is
unavailable [e.g. it's a portable, and it's gone home!] can still access
the files.

this is a standard [if advanced] nt domain technique, and is the whole
purpose behind aliases and why they were created.


p.s. you will need to think through the security implications of all this:
you're on your own, there :)

On Mon, 5 Mar 2001, markus stephany wrote:

> Hello Sander,
> Monday, March 05, 2001, 7:14:17 PM, you wrote:
> SS> [...]
> >> Bad, there's no "nobody"-SID on NT...
> SS> What's the SID for the default 'guest' account on NT?
> SS> Sander
> sfmji, but i think nt can handle this; after removing a workstation
> from a domain there are 'unknown account' entries in the acl-dialog
> of files that e.g. have been owned by a domain user.
> -- 
> rgds, markus stephany
> ==================================================
> mailto:merkes at t-online.de
> http://www.mirkes.de
> ==================================================
> pgp fingerprint: 
> 80F7 43D2 EDB9 CB98 3AF4  AA90 89D3 74CA 1662 1990

 ----- Luke Kenneth Casson Leighton <lkcl at samba-tng.org> -----

"i want a world of dreams, run by near-sighted visionaries"
"good.  that's them sorted out.  now, on _this_ world..."

More information about the samba-ntdom mailing list