[Samba] Re: Windows domain group policies

shrek-m at gmx.de shrek-m at gmx.de
Sun Jun 22 02:27:57 GMT 2003 

Thomas Angst schrieb:

> Well, I can't tell you that, cause I don't have any one :(
> If I ask a Windows administrator, he can tell me only on which button he 
> is clicking and not what exactly  the mechanism is. But I can not 
> understand why nobody else has the same question.
> It is a lot of work if you have to put all the users on each machine to 
> the desired group.
> If I can reach one of the Windows administrators then I will ask him 
> which colorful button he is pressing to spend a domain user to a group :)



do you mean ?


start / programs / management / active-directory-user-computer

for administrators go_to
   "builtin" and add the user

for domain-administrators go_to
   "user" domain-admins and add the user

or go_to the user [member of] and add him to the groups


or eg.
c:\> net group
c:\> net group domain-admins user1 /add
c:\> net group gg-test1 user1 /add


i have no experiences with samba as pdc / ads-domain-controller
can samba handle the different groups ?
   local-groups, global-groups, universal-groups
and *master-roles ?
   eg. in german "betriebsmaster"


can samba handle the m$-group-concept ?

you should ever create  local-groups *and* global-groups
throw the users into the global group
bind the permissions on to the local-group
do not forget to throw the gg into_the lg

A->G->L->P

eg.
user1,user2, ...  member_of  gg-what_you_need
gg-what_you_need  member_of  lg-what_you_need
lg-what_you_need  has_permissons on ressource what_you_have


user1,user2,user3 -> gg-test1 -> lg-test1 -> /path/to/test1
user1,user4,user5 -> gg-test2 -> lg-test2 -> /path/to/test2



thanks



> John H Terpstra schrieb:
> 
>>> What I really want is to tell each client, that this user is an
>>> Administrator or is member of an other group I created for w2k clients.
>>> But all users are per default set to the standard user group. How can I
>>> set the membership of specific users to another w2k group?
>>>   
>>
>>
>> Please explain how you would do this in Windows 2000 Advanced Server so
>> that I can get an idea of what we need to do to allow this to be done in
>> Samba.

-- 
shrek-m

More information about the samba mailing list