[Samba] Administrator-privileged logon scripts under limited mode on XP?

Hunter Rognstad hrognstad at starcenter.tn.org
Wed Mar 2 18:38:18 GMT 2005 

At our organization, we're currently gradually migrating the 
workstations from Windows 98 to Windows XP, while retaining the use of 
our samba server as a PDC. For those who may remember my previous post, 
our upgrade to Samba 3.0.11 from an ancient version (2.2.3) I inherited 
went extremely well, and I was thoroughly impressed how little I had to 
change to get everything running.

Anyways, I want the Windows XP users to mostly be in a limited user mode 
when on the domain, so they can't randomly install silly little games 
chock-full of spyware and other such things, unlike in Windows 98 where 
they always have Administrator access to their machine, even when logged 
in on the network.

However, clever use of the login.bat, as bad as it was to do it, was 
used to run things with administrator level privileges under Windows 98, 
such as installing certain updates or programs automatically, removing 
certain common spyware programs, copying useful utilities such as putty, 
gnugrep and vncviewer to a system directory for purposes of running from 
the $PATH, regedit'ing registry keys, etc. The login.bat under Windows 
XP, however, runs with user level privileges, which is in limited mode, 
meaning there's only so much I can do with it.

So, the question is, is there any way to run a logon script that has 
local Administrator privileges while running on a Windows XP machine 
joined to the samba domain in limited mode?

I've googled for some time and I hope I haven't missed anything, but I 
have yet to find anything that allows a logon script with anything but 
user-level (limited mode under XP) privileges, though I have heard some 
remote mentioning of it. It would be quite a nice thing to have, 
especially with the growth of our organization, so I could do more to 
each machine by remote without having to go through the ordeal of 
running a Windows Server, which is mostly out of the question as far as 
I'm concerned. Any suggestions for solutions would be much appreciated.

Thanks!

More information about the samba mailing list