[Samba] After Upgrading to rc4 (and still with 3.0.0) having Groupmap problems.

John H Terpstra jht at samba.org
Sun Sep 28 01:04:39 GMT 2003


On Sat, 27 Sep 2003, Chris Smith wrote:

> On Saturday 27 September 2003 15:00, John H Terpstra wrote:
> > On each workstation make the Domain Admins group a member of the local
> > Administrators group.
>
> John, I'm missing the point here as this shouldn't be necessary at all. The
> only reason to add someone to the local Administrators group (outside of
> using the system w/o DC control) would be to elevate an individual with less
> than admin privileges granted by the DC to full admin privileges on a per
> system basis. Domain Admins should automatically be granted admin privileges
> on any system relying on the DC for authentication.

Chris,

The only way that a domain user can gain admin privileges on a domain
member workstation is through domain users or domain groups being made
members of a local workstation group that has sufficient rights and
privilege to do what needs to be done.

You are correct that the Domain Admins group should automatically become a
member of the local Administrators group when a workstation or server
becomes a domain member.

Normal users are of course not members of the Domain Admins group by
default. By default a normal domain user has no rights on a workstation
except as permitted by the permissions and rights afforded by whatever
group the domain user is in, and the resulting rights that user has on the
workstation.

- John T.
-- 
John H Terpstra
Email: jht at samba.org


