[Samba] local user admin rights on samba pdc

Raj Saxena rajan at ipisland.com
Sun Mar 16 20:28:47 GMT 2003

    I will give this a shot and let everyone know. Yeah for most users it is
ok but some scientific software especially when they look up license keys
are really bad.



-----Original Message-----
From: samba-bounces+rajan=ipisland.com at lists.samba.org
[mailto:samba-bounces+rajan=ipisland.com at lists.samba.org]On Behalf Of
Ulrich Kohlhase
Sent: Sunday, March 16, 2003 9:34 AM
To: samba at lists.samba.org
Subject: Re: [Samba] local user admin rights on samba pdc


> I have noticed that it is causing a problem for some other software
> also. I know that i need to grant local admin rights for that user
> but what is the best method on doing this?
> If I try to access softare by logging in as root on the win2k boxon
> the pdc domain it still prevents me from installing a palm pilot or
> running some particular software.
> All of the software that needs some sort of admin priveledges work
> fine if you logon as administrator to the local machine.

Domain users are common users with limited privileges. This is by design and
affects pure Windows domains also. Several non MS software products are
written pretty badly and rely on changes to be written to system registry
but common users usually do not have permission to alter registry keys. You
need to change the registry keys in question in order to get your "special"
software to work properly for local common users and domain users.

Get regmon, a nice tool to monitor registry access at
- login as domain user
- runas /user:administrator regmon
- change regmon's filter to include "ACCDENIED"
- start palm software as usual and watch the ACCDENIED flying by :-)
- double click on one of the ACCDENIED entries and change security settings
for the registry key

This is a tedious and time consuming approach to fix one or the other
software package, but at least the only reliable method I know of. You may
want to try to add the domain users group to the local power user group -
didn't work for us at that time. Things might change when Samba 3.0 is
released and group mapping support will be available (?)

Good luck,

To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.461 / Virus Database: 260 - Release Date: 3/10/2003

Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.461 / Virus Database: 260 - Release Date: 3/10/2003

More information about the samba mailing list