diff options
| author | John Terpstra <jht@samba.org> | 2005-06-16 18:31:27 +0000 |
|---|---|---|
| committer | Gerald W. Carter <jerry@samba.org> | 2008-04-23 08:46:50 -0500 |
| commit | 161ac1e36f0adf8f081422f98b25f2cf5b690720 (patch) | |
| tree | b0a3df0b956901df91b5baaff6f36c0d6c549db2 /docs/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml | |
| parent | 04418983c959beb0c687dae9ad19d5e2d77b99df (diff) | |
| download | samba-161ac1e36f0adf8f081422f98b25f2cf5b690720.tar.gz samba-161ac1e36f0adf8f081422f98b25f2cf5b690720.tar.bz2 samba-161ac1e36f0adf8f081422f98b25f2cf5b690720.zip | |
More Updates.
(This used to be commit 6fba7bc2c89b584278b0f888b7620b5206624e4b)
Diffstat (limited to 'docs/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml')
| -rw-r--r-- | docs/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/docs/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml b/docs/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml index 3a87fcd64c..15a963943b 100644 --- a/docs/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml +++ b/docs/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml @@ -278,11 +278,50 @@ or domain. Under UNIX/Linux the equivalent is UID=0 (the root account). </para></note> <para> -Commencing with Samba version 3.0.11 it is possible to operate without an Administrator account +Releases of Samba version 3.0.11 and later make it possible to operate without an Administrator account providing equivalent rights and privileges have been established for a Windows user or a Windows -group account. +group account. </para> </sect1> +<sect1> +<title>Common Errors</title> + + <sect2> + <title>What Rights and Privileges Will Permit Windows Client Administration?</title> + + <para> + When a Windows NT4 (or later) client joins a domain, the domain global <literal>Domain Admins</literal> group + is added to the membership of the local <literal>Administrators</literal> group on the client. Any user who is + a member of the domain global <literal>Domain Admins</literal> group will have administrative rights on the + Windows client. + </para> + + <para> + This is often not the most desirable solution because it means that the user will have administrative + rights and privileges on domain servers also. The <literal>Power Users</literal> group on Windows client + workstations permits local administration of the workstation alone. Any domain global user or domain global + group can be added to the membership of the local workstation group <literal>Power Users</literal>. + </para> + + <para> + See <link linkend="nestedgrpmgmgt">Nested Group Support</link> for an example of how to add domain users + and groups to a local group that is on a Windows workstation. The use of the <command>net</command> + command permits this to be done from the Samba server. + </para> + + <para> + Another way this can be done is to log onto the Windows workstation as the user + <literal>Administrator</literal>, then open a <command>cmd</command> shell, then execute: +<screen> +c:\ net localgroup administrators /add <userinput>domain_name\entity</userinput> +</screen> + where <literal>entity</literal> is either a domain user or a domain group account name. + </para> + + </sect2> + +</sect1> + </chapter> |