[Samba] Administrator-privileged logon scripts under limited
mode on XP?
hrognstad at starcenter.tn.org
Thu Mar 3 17:43:49 GMT 2005
Ah, just what I was looking for. Thanks!
One question, though -- do you validate the runas password against a
local privileged account, such as \\%computername%\Administrator, all of
which have the same local password, or do you end up having to use one
on the domain with "Domain Admin" or similar privileges?
I currently don't have anyone with a groupmap Domain Admin account since
I believe it's quite dangerous -- logged in as one, I was able to access
a C$ directory on another machine, as well as rename it on the network
via srvtools. It seems to be more than giving Administrator privileges
over the local machine, and I find it to be too many privileges for
someone on a Windows machine to have. Or is there a way that simply
assigns local machine privileges without any scary things like that
which would allow a smidgeon of malicious code to wreck the whole domain?
> Hunter Rognstad wrote:
>> So, the question is, is there any way to run a logon script that has
>> local Administrator privileges while running on a Windows XP machine
>> joined to the samba domain in limited mode?
> Many alternatives, such as sanur. I'm using it when need to install
> antivirus to W2k clients.
More information about the samba