[Samba] how a domain user can become a local administrator ?

Valéry Roché vroche at univ-poitiers.fr
Wed Nov 2 22:04:31 GMT 2005

Hi again,

Hmmm, well, I have some news about my problem.
Here is what I want : I want some Domain Groups to be local 
Administrators on the workstation they're logged in.
By default, all my users are in the Domain Users group. Some of them are 
in a second group. These groups are defined in an LDAP directory.

I'm trying to use CPAU to do this. Here how it should work :

1- on a workstation, I log in as a Domain Admin
2- I create a job file with CPAU like this :
	cpau -u domain\my_admin_account -p password -ex "net localgroup 
\"Administrators\" \"domain\group_I_want_to_be_local_admin\" /add" -file 
job_file.job -enc
3- the file job_file.job is copied on a network share
4- in the logonscript of the users I want to be local admins, I add 
these lines :
	net use z: \\server\job
	cpau -dec -file z:\job_file.job -profile

After succesfull login of a user of this group, I can see its group is 
member of the Local Admins on the workstation. But the user as no Admins 
rights !!! If I loggof this user, and loggin again, this user have admin 

But if I execute cpau by hand, as a domain users, but by providing a 
Domain Admin account and password, there is no need to logg in again.

What am I doing wrong ?

Valéry Roché

More information about the samba mailing list