[Samba] classic upgrade, splitting servers

[L.P.H. van Belle]

These are my recommended settings on SePrivileges. 
The should all be on "domain Admins" and not any users. 

This fixed the access denied if you connect through computer manager. 

Change the 2 variables below to match your setup. 

YOUR_NTPASSWD="YOUR_Administrator_PASSWD"
SETNTDOM="NTDOM"

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeDiskOperatorPrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeTakeOwnershipPrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeBackupPrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeRestorePrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeRemoteShutdownPrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SePrintOperatorPrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeAddUsersPrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeDiskOperatorPrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeSecurityPrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeSystemtimePrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeShutdownPrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeDebugPrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeSystemEnvironmentPrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeSystemProfilePrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeProfileSingleProcessPrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeIncreaseBasePriorityPrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeLoadDriverPrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeCreatePagefilePrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeIncreaseQuotaPrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeChangeNotifyPrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeUndockPrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeManageVolumePrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeImpersonatePrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeCreateGlobalPrivilege -UAdministrator

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeEnableDelegationPrivilege ?Uadministrator



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Stefan G. Weichinger via samba
> Verzonden: woensdag 24 mei 2017 13:45
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] classic upgrade, splitting servers
> 
> Am 2017-05-24 um 13:26 schrieb L.P.H. van Belle via samba:
> 
> >> I think I got it, but it gives an RPC Error (1728) and 
> after that it 
> >> shows me that I (connected there as
> >> BUERO\Administrator) have no permissions to look at the shared 
> >> folders.
> > You forgot to set the SePrivileges to or "domain admins" or 
> buildin\Administrator. 
> 
> how could I? I don't even know they exist ;-)
> pls remind me where to do that, thanks.
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>