[Samba] Appropriate privileges of users on Win clients
dkrnic at lycos.com
Thu Jan 16 11:58:01 GMT 2003
when I first switched my users from a Win2K advanced server
to samba I included the group of "Authenticated users" in
the local group "Administrators" on all clients as a quick
fix for the unexpected gotcha that all of a sudden after
switching to samba no one had any privileges to change any
of the optional properties of the Desktop, the Taskbar or
the Explorer. The dialog boxes accept all changes as if
it's perfectly legitimate and then nothing changes and
nothing ever gets saved in the profile.
Giving all domain users administrative privileges on clients
they're currently logged on to is great. Everything works,
people are conscientious about the awesome powers they've
been granted, the hot-line calls are greatly reduced etc.
etc. but the destructive potential, by genuine mistake or
malicious intent, cannot be ignored. Unfortunately no other
configuration I tested gives anything like usual Win user privileges.
These additional groups:
Everyone, Authenticaed Users, Anonymous Logins, Batch,
Creators-Owners, Creators, Dialups, Interactives,
Network Users, Services, Systems,
can be added to these locally defined groups:
Administrators, Users, Guests, Main Users,
Replication Operators, Backup Operators, Debugger Users.
Default Win2K configuration has Administrator and
DOMAIN\Administrator in Administrators. Noone in Main Users
and only <DOMAIN>\Domain Users in Users. However there is
no explicit group "Domain Users" on the Linux Samba server,
and even if I rechristen users into "Domain Users" it
I must be doing something trivially wrong. Can anyone help?
PS: samba 2.2.7a PDC under SuSE 8.1 2.4.19-155
the group names are my free translation from German
not necessarily identical to English terms
Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year.
More information about the samba