[Samba] Netlogon Service Privileged Account

Todd E Thomas todd_dsm at ssiresults.com
Sun Apr 26 18:35:12 GMT 2009


Hey all,

Let me first start by saying everything is working as expected so far! 
This is about my login script being shared from the netlogon directory.

My XP client sees and executes 99% of the script. The last little 
bit is permissions-related.

In my logon.vbs script I am attempting to set the registry key to 
disable offline folder syncs. A "Domain User" cannot uncheck this box, 
nor can they modify this registry key. This can only be done by a 
privileged user. On a Win2k3 server the netlogon service account has the 
ability to execute these types of changes on behalf of the user.

The problem is that the script executes using the 'test user' account 
entered at logon time. This was verified by putting in a 60 second wait 
time somewhere in the script; then you can go to the task manager and 
see the username running the logon script.

This does not emulate the Windows process.

My question: How would I go about assigning a privileged user, like the 
netlogon service account, to my logon.vbs script so that it is able to 
make those registry key modifications for any domain user logging into 
Samba 3.0.3?


Thanks in advance,

Thomas



