[Samba] roaming profile does ­not ­work for "Domain Adm­ins"

steve steve at steve-ss.com
Fri Oct 31 02:19:08 MDT 2014

On 31/10/14 08:57, L.P.H. van Belle wrote:
> Hi Steve.
> about.. ( and i am an admin ) ;-)
>> Why do admins think they can enter people's private areas?
>> It's nothing
>> to do with you. You are merely there to make sure the
>> computers work. So
>> do just that. You do not dictate what others put in their
>> profile. Just
>> leave your users alone. When they have a problem they will tell you.
>> Otherwise stay out.
>> Jo
> Yes, you correct an admin has nothing to do in people's private areas.
> But in my company, users have access to very very private information about people.
> We have to do check so this isnt abused.
Louis, I think you're talking about something else because if not then 
you should put this information in a database, not inuser's profile.

> So in your company rules and people contract they sign that the know i can access everything, see everything and i check verything if i suspect wrong doings..
I do not see what right an admin has over how someone arranges their 
desktop or what wallpaper they choose. The boss, yes. But not the admin.

> and in my case ( and maybe miro's also ) I do dictate wat can ben in there profiles or not,
> but i just close my network and computers with lots of policies.
Exactly. So you do not need to browse their profiles like the OP says he 
needs to. It is an intrusion on their privacy.

> my users can only write in there profiles folder but are unable to access it them selves,
> there "private" user folder (home), and the needed shares.
> They are not allowed to even write on there desktop etc.
But that is not for _you_ to decide as an admin.
> So yes, i can understand miro's problem. He just didnt give the needed info, and that cost him time.
> but he learned from it.
> So lets be happy for him its solved...  ( even its a commen setting in the policies. )
We are also happy for the OP, but the stance on the right of a mere 
sysadmin to be allowed access to a profile simply because we consider 
ourselves admins is wrong. It really is nothing to do with us. We are 
enough of a burden on a company as it is without getting involved in 
affairs about which we have little or no idea!

T. H. 1. Robin

> Greetz,
> Louis

More information about the samba mailing list