[Samba] Samba PDC + LDAP: adding user to local admin group

Gustavo Michels gustavo.michels at gmail.com
Fri Oct 10 12:47:26 GMT 2008

Hi all,

On Thu, Oct 9, 2008 at 6:29 PM, Tim Bates <tin at new-life.org.au> wrote:

> Not sure if you can do it like that, but if you only want to give them
> local admin on their own computer (and not everyone else's), you're going to
> want to do it on each computer manually anyway... Or via a script if you're
> going to have to change them often.
> If you set it at a domain level like you said, it would give them admin
> rights anywhere they can log into.

Well actually it wouldn't be a big problem if the user has local admin
rights on any machine.

On Fri, Oct 10, 2008 at 4:17 AM, L.P.H. van Belle <belle at bazuin.nl> wrote:

> hmmm giving users local admin rights, thats not the way to do it.
> and makes your network insecure..
> Better control this through de domain groups.
> this is how i do it.
> i create a domain groep, add the users in it, and through loginscript
> i create a local group and add the domain group in it.
> now on directories/files or in registry i give the local group the needed
> rights.

That's a nice approach, but what commands I have available to do such tasks
as create/add groups on the local machine? I'm don't have deep technical
knowledge on windows networking.

Anyway, I thought this was a trivial task and it seems it is not. So, as
there aren't many users with this special need, I'm starting to consider the
manual way of adding the to the local admin group on their own machine.


More information about the samba mailing list