[Samba] Appropriate privileges of users on Win clients

Dragan Krnic dkrnic at lycos.com
Thu Jan 16 11:58:01 GMT 2003

Hi Everyone,

when I first switched my users from a Win2K advanced server
to samba I included the group of "Authenticated users" in
the local group "Administrators" on all clients as a quick 
fix for the unexpected gotcha that all of a sudden after 
switching to samba no one had any privileges to change any 
of the optional properties of the Desktop, the Taskbar or 
the Explorer. The dialog boxes accept all changes as if
it's perfectly legitimate and then nothing changes and 
nothing ever gets saved in the profile.

Giving all domain users administrative privileges on clients
they're currently logged on to is great. Everything works,
people are conscientious about the awesome powers they've 
been granted, the hot-line calls are greatly reduced etc. 
etc. but the destructive potential, by genuine mistake or 
malicious intent, cannot be ignored. Unfortunately no other 
configuration I tested gives anything like usual Win user privileges.

These additional groups:
   Everyone, Authenticaed Users, Anonymous Logins, Batch,
   Creators-Owners, Creators, Dialups, Interactives,
   Network Users, Services, Systems,

can be added to these locally defined groups:
   Administrators, Users, Guests, Main Users,
   Replication Operators, Backup Operators, Debugger Users.

Default Win2K configuration has Administrator and
DOMAIN\Administrator in Administrators. Noone in Main Users
and only <DOMAIN>\Domain Users in Users. However there is
no explicit group "Domain Users" on the Linux Samba server,
and even if I rechristen users into "Domain Users" it
doesn't matter.

I must be doing something trivially wrong. Can anyone help?


PS: samba 2.2.7a PDC under SuSE 8.1 2.4.19-155
    the group names are my free translation from German
    not necessarily identical to English terms

Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year.

More information about the samba mailing list