[Samba] Sync win2k local user list with samba user list

Andrew Bartlett abartlet at samba.org
Sun Feb 15 02:19:38 GMT 2004 

On Sun, 2004-02-15 at 13:04, Paul Espinosa wrote:
> .----[ John H Terpstra wrote ]----
> >
> > Sun, 15 Feb 2004 01:36:08 +0000 (GMT)
> >
> > On Sat, 14 Feb 2004 et at chaossphere.net wrote:
> > 
> > > Hi all,
> > >
> > > I want to be able to at logon sync the windows 2000 userlist with the
> > > samba user list, so that each user that is added to the samba server is
> > > automatically added to each workstation with appropriate permisions ie
> > > admin, power users, etc. Is it possible to do this and if so how.
> > > I am running latest samba as PDC with roaming profiles.
> > 
> > Why in goodness name would you want to add accounts to workstations that
> > already exist on the server? The whole purpose of having domain accounts
> > is so that you do not need user accounts on the individual workstations.
> > 
> > Baffled! ????
> 
> I think what's he's saying is adding a local domain user to a box in order
> to upgrade permissions.  In other words have "Bob" have a domain logon, but
> also be able to be a local admin for the Windows box.

Indeed, this is quite a common setup.

> > 
> > > Any help is greatly appreciated
> > 
> > Avoid pain! Do NOT have local workstation accounts. Instead, use domain
> > accounts.
> > 
> > 
> > - John T.
> 
> I would also like to know if this is possible as there is a lot of software
> out there that still requires elevated privs to run on Windows boxen.

Put each user in a domain group, and put that group into the local
'administrators' or 'power users' alias.  So far, I've done this with
the GUI.  It should be possible to do this with remote tools like
rpcclient, or with local scripting too.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040215/41535a60/attachment.bin

More information about the samba mailing list