[Samba] Making users local administrators

Gregory Sloop gregs at sloop.net
Thu Mar 21 09:43:33 MDT 2013

ML> On Thu, Mar 21, 2013 at 11:24 AM, Terry Austin <terry at crownhardware.com> wrote:
>> On 21 Mar 2013 at 10:29, L.P.H. van Belle wrote:
>>> DONT DO IT !!
>>> This is Administrators 1ste rule !!
>>> NEVER, but then NEVER giver users Administrator/PowerUser rights.
>> I have no choice. There's too much stuff out of my control that requires
>> the daily user have admin rights locally.

ML> Well, it's a lot more work, but you could use the Windows utilities
ML> FILEMON and REGMON to monitor what file and registry access your
ML> applications require on the local machine, and then grant the local
ML> user access to just those needed items, rather than across-the-board
ML> full local administrator access.

For goodness sake.

I think it's appropriate to remember that the networks and
workstations were put there, NOT for the enjoyment and ability of
network admins to insist on technical purity and "rightness," but to
get work done.

If "technical purity" becomes the paramount focus, IMO, we're doing it

Finally, sometimes political considerations, among others also
outweigh technical purity. And frankly, given the environment and time
constraints, it may be MORE work and cost to figure out what's needed
to not allow local admin privs.

So, please. Go ahead and warn if you like, but offer some help, don't
just abuse the poster for making a decision that's practical for their
particular situation.

More information about the samba mailing list