[Samba] Issues with Samba
John H Terpstra
jht at samba.org
Mon Dec 2 23:50:00 GMT 2002
On Tue, 3 Dec 2002, Jason Haar wrote:
> On Mon, Dec 02, 2002 at 11:32:55PM +0000, John H Terpstra wrote:
> > makes the user a member of the local workstation administrator group. You
> > may have to first create the policy editor template to do this. You then
> > place this NTCOnfig.POL file in the root of the "netlogon" share. Then
> > automatically, as the user logs on, he/she will gain local administrator
> > rights and privilidges.
>
> That doesn't really work does it? Basically an unpriviledged user runs a
> program, and suddenly they're local admin?!?!?
The user does NOT run a program. The NT/2K/XP logon process reads and
applies the contents of the NTConfig.POL to the .default user registry
contents. It can also change more permanent registry objects. With an NT4
style domain all security objects are stored in the registry.
To obtain more information on how NTCOnfig.POL functions you should refer
to (wait - not an advertisment for M$) the MS Windows NT/2K/XP Resource
Kit.
An alternative method is to make the "domain users" group a member of the
local Administrators group.
- John T.
--
John H Terpstra
Email: jht at samba.org
More information about the samba
mailing list