[Samba] Netlogon Service Privileged Account
Todd E Thomas
todd_dsm at ssiresults.com
Sun Apr 26 18:35:12 GMT 2009
Let me first start by saying everything is working as expected so far!
This is about my login script being shared from the netlogon directory.
My XP client sees and executes the 99% of the script. The last little
bit is permissions-related.
In my logon.vbs script I am attempting to set the registry key to
disable offline folder syncs. A "Domain User" cannot uncheck this box,
nor can they modify this registry key. This can only been done by a
privileged user. On a Win2k3 server the netlogon service account has the
ability to execute these types of changes on behalf of the user.
The problem is that the script executes using 'test user' account
entered at logon time. This was verified by putting in a 60 second wait
time somewhere in the script; then you can to to the task manager and
see the username running the logon script.
This does not emulate the windows process.
My question: How would I go about assigning a privileged user, like the
netlogon service account, to my logon.vbs script so that it is able to
make those registry key modifications for any domain user logging into
Samba 3.0.3 ?
Thanks in advance,
More information about the samba