[Samba] Administrator-privileged logon scripts under limited mode on XP?

Hunter Rognstad hrognstad at starcenter.tn.org
Thu Mar 3 17:43:49 GMT 2005

Ah, just what I was looking for. Thanks!

One question, though -- do you validate the runas password against a 
local privileged account, such as \\%computername%\Administrator, all of 
which have the same local password, or do you end up having to use one 
on the domain with "Domain Admin" or similar privileges?

I currently don't have anyone with a groupmap Domain Admin account since 
I believe it's quite dangerous -- logged in as one, I was able to access 
a C$ directory on another machine, as well as rename it on the network 
via srvtools. It seems to be more than giving Administrator privileges 
over the local machine, and I find it to be too many privileges for 
someone on a Windows machine to have. Or is there a way that simply 
assigns local machine privileges without any scary things like that 
which would allow a smidgeon of malicious code to wreck the whole domain?

Thanks again,

Beast wrote:

> Hunter Rognstad wrote:
>> So, the question is, is there any way to run a logon script that has 
>> local Administrator privileges while running on a Windows XP machine 
>> joined to the samba domain in limited mode?
> Many alternatives, such as sanur. I'm using it when need to install 
> antivirus to W2k clients.
> http://www.commandline.co.uk/sanur/

More information about the samba mailing list