[Samba] restricting the windows users security tab with samba acl

Jaan Talvet jtalvet at njsba.org
Mon Aug 20 15:35:14 GMT 2007


Hello,

We're porting all our windows file servers over to linux. I just joined
our samba server to Active Directory and it works great with ACL - I can
add/remove Sales, Marketing, IT groups etc.., unfortunately, so can
everyone else. 

Q) How can I restrict our regular windows XP users from manipulating the
"Properties -> Security" tab in file explorer? I'd need  to restrict
that to only the "Domain Admins" group like in Windows. Right now,
anyone can add/remove groups - that's bad.

setting "nt acl support = no" removes ACL control completely, not just
for regular users, but admins too.

any ideas?

 

Thanks,

Jaan 

 



More information about the samba mailing list