[Samba] Local Administrator access

Gaiseric Vandal gaiseric.vandal at gmail.com
Mon Nov 26 08:22:29 MST 2012 

With Windows7, the 1st account you create  during the initial setup is 
typically a member of the local admin group.  The actual "Administrator" 
account is normally disabled.  Did this 1st account get deleted?

When you joined the domain, the Domain Admin's groups should have been 
added to the local Admin group.

This can get messed up if your group mappings are not set up correctly.

Also, I think when running the "net" command you may want to use "-U 
Administrator" to use the credentials of your domain Administrator 
account  (assuming one has been defined.)  In my setup the unix root 
does not have a samba account.




On 11/26/12 10:03, Knut Olav Bøhmer wrote:
> Hi,
>
> I have a windows 7 machine withouth local administrator account.
> I need to create such an account. I can log in to the machine with a user
> on my samba domain.
>
> What do I need to do in order to get administrator access, or access to
> create an local administrator account?
>
> I have tried to do this:
>
> [root at float samba]# net rpc group addmem "Administrators" 'DOMAIN\username'
> Enter root's password:
> Could not add SKOLELINUX\knobo to Administrators: NT_STATUS_NO_SUCH_ALIAS
>
> I have tried to give some rights this way:
>
> net rpc rights grant 'DOMAIN\username' SeMachineAccountPrivilege
> SeAddUsersPrivilege SeDiskOperatorPrivilege SeSecurityPrivilege
> SeUndockPrivilege SeImpersonatePrivilege SeCreateGlobalPrivilege
> SePrintOperatorPrivilege SeCreateGlobalPrivilege
> SeEnableDelegationPrivilege  SeUndockPrivilege  SeTakeOwnershipPrivilege
>
> And it does what I tell it:
> [root at float samba]# net rpc rights list knobo
> Enter root's password:
> SeMachineAccountPrivilege
> SeTakeOwnershipPrivilege
> SeRemoteShutdownPrivilege
> SePrintOperatorPrivilege
> SeAddUsersPrivilege
> SeDiskOperatorPrivilege
> SeSecurityPrivilege
> SeSystemProfilePrivilege
> SeUndockPrivilege
> SeImpersonatePrivilege
> SeCreateGlobalPrivilege
> SeEnableDelegationPrivilege
>
>
> But I'm still promptet for username and password, when I try to access the
> user accounts in windows 7.
>
> Any suggestions?
>
>
> Regards

More information about the samba mailing list