[Samba] how a domain user can become a local administrator ?
Valéry Roché
vroche at univ-poitiers.fr
Wed Nov 2 22:04:31 GMT 2005
Hi again,
Hmmm, well, I have some news about my problem.
Here is what I want : I want some Domain Groups to be local
Administrators on the workstation they're logged in.
By default, all my users are in the Domain Users group. Some of them are
in a second group. These groups are defined in an LDAP directory.
I'm trying to use CPAU to do this. Here how it should work :
1- on a workstation, I log in as a Domain Admin
2- I create a job file with CPAU like this :
cpau -u domain\my_admin_account -p password -ex "net localgroup
\"Administrators\" \"domain\group_I_want_to_be_local_admin\" /add" -file
job_file.job -enc
3- the file job_file.job is copied on a network share
4- in the logonscript of the users I want to be local admins, I add
these lines :
net use z: \\server\job
cpau -dec -file z:\job_file.job -profile
After succesfull login of a user of this group, I can see its group is
member of the Local Admins on the workstation. But the user as no Admins
rights !!! If I loggof this user, and loggin again, this user have admin
rights.
But if I execute cpau by hand, as a domain users, but by providing a
Domain Admin account and password, there is no need to logg in again.
What am I doing wrong ?
Sincerely,
Valéry Roché
More information about the samba
mailing list