svn commit: samba r6008 - in trunk/source/rpc_server: .
Gerald (Jerry) Carter
jerry at samba.org
Wed Mar 23 23:40:17 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 23 Mar 2005, John H Terpstra wrote:
> On Wednesday 23 March 2005 16:11, Gerald (Jerry) Carter wrote:
> > Simo Sorce wrote:
> > | I'm going to change the code to explicitly test for
> > | root or Domain Admins right now (should we test for
> > | BUTILIN/Administrators ? IMHO yes but maybe in future).
> >
> > Keep it simple for now. Just root and Domain Admins.
>
> I believe that full administrative privilege should be afforded by default to:
>
> 1. root and 'Domain Admins' on a stand-alone server
> 2. root and 'Domain Admins' on a DC
> 3. 'Domain\root', root, and 'Domain Admins' on all Domain Member
> Server/Clients
>
> The use of user rights and privileges should be necessary only for
> groups and users other than the above.
Let's keep it as local 'root' and whatever domain admins for whatever
domain we belong to (maybe our own). Easy to explain :-)
That's my litmus test.
If you make people create a DOMAIN\root in the Windows domain,
it will just get messy real quick.
cheer, jerry
=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQFCQf5iIR7qMdg1EfYRAoFpAKDPYXvkQHBM6F87Pt2UXxWhaM5XMwCg7SIh
tlDhWK1PBh5Nfjeb9N+v7Do=
=QqlY
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list