FW: Speed comp. TNG & 2.2.alpha (fwd)
Luke Kenneth Casson Leighton
lkcl at samba-tng.org
Mon Mar 12 11:51:27 GMT 2001
there is a way to deal with this.
you have to create an alias on the local workstation.
make this alias the owner of the files.
then, make a domain group and place the domain user that needs to access /
own that file in it.
then, make the domain group a member of the workstation alias.
oh, and remember to add local admin to the workstation alias, as well.
and maybe a local workstation user, too.
when the workstation is no longer a member of the domain, the files will
not get "unknown account" and be inaccessible.
also, the local workstation user - _especially_ if the domain is
unavailable [e.g. it's a portable, and it's gone home!] can still access
the files.
this is a standard [if advanced] nt domain technique, and is the whole
purpose behind aliases and why they were created.
luke
p.s. you will need to think through the security implications of all this:
you're on your own, there :)
On Mon, 5 Mar 2001, markus stephany wrote:
> Hello Sander,
>
> Monday, March 05, 2001, 7:14:17 PM, you wrote:
>
> SS> [...]
> >> Bad, there's no "nobody"-SID on NT...
>
> SS> What's the SID for the default 'guest' account on NT?
>
> SS> Sander
>
>
> sfmji, but i think nt can handle this; after removing a workstation
> from a domain there are 'unknown account' entries in the acl-dialog
> of files that e.g. have been owned by a domain user.
>
> --
> rgds, markus stephany
> ==================================================
>
> mailto:merkes at t-online.de
> http://www.mirkes.de
>
> ==================================================
> pgp fingerprint:
> 80F7 43D2 EDB9 CB98 3AF4 AA90 89D3 74CA 1662 1990
>
>
>
>
>
----- Luke Kenneth Casson Leighton <lkcl at samba-tng.org> -----
"i want a world of dreams, run by near-sighted visionaries"
"good. that's them sorted out. now, on _this_ world..."
More information about the samba-ntdom
mailing list