diff options
| author | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2009-09-06 19:57:50 +0200 |
|---|---|---|
| committer | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2009-09-07 08:37:25 +0200 |
| commit | 90d6829f8a6dcb9d4851ad587d75680de6815041 (patch) | |
| tree | 2a36d1fe079d79bd080a72c91efc330c989b0f9d /source4/setup/provision_users.ldif | |
| parent | 5107f6fd0acc7d8e5a69bd838f44f74f0a094290 (diff) | |
| download | samba-90d6829f8a6dcb9d4851ad587d75680de6815041.tar.gz samba-90d6829f8a6dcb9d4851ad587d75680de6815041.tar.bz2 samba-90d6829f8a6dcb9d4851ad587d75680de6815041.zip | |
s4:Foreign security principals - Fix them up
I fixed them up to match with Windows Server 2003. I don't think that the
creation of them in the provision script is needed so I put them in the
"provision_users.ldif" file.
Diffstat (limited to 'source4/setup/provision_users.ldif')
| -rw-r--r-- | source4/setup/provision_users.ldif | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 8669d8a4e6..bc5616ba5b 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -176,6 +176,30 @@ sAMAccountName: Event Log Readers groupType: -2147483644 isCriticalSystemObject: TRUE +# Add foreign security principals + +dn: CN=S-1-5-4,CN=ForeignSecurityPrincipals,${DOMAINDN} +objectClass: top +objectClass: foreignSecurityPrincipal +objectSid: S-1-5-4 + +dn: CN=S-1-5-9,CN=ForeignSecurityPrincipals,${DOMAINDN} +objectClass: top +objectClass: foreignSecurityPrincipal +objectSid: S-1-5-9 + +dn: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN} +objectClass: top +objectClass: foreignSecurityPrincipal +objectSid: S-1-5-11 + +dn: CN=S-1-5-20,CN=ForeignSecurityPrincipals,${DOMAINDN} +objectClass: top +objectClass: foreignSecurityPrincipal +objectSid: S-1-5-20 + +# Add builtin objects + dn: CN=Administrators,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group @@ -219,6 +243,8 @@ objectClass: top objectClass: group description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications member: CN=Domain Users,CN=Users,${DOMAINDN} +member: CN=S-1-5-4,CN=ForeignSecurityPrincipals,${DOMAINDN} +member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN} objectSid: S-1-5-32-545 sAMAccountName: Users systemFlags: -1946157056 @@ -311,6 +337,7 @@ dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group description: Members of this group have remote access to schedule logging of performance counters on this computer +member: CN=S-1-5-20,CN=ForeignSecurityPrincipals,${DOMAINDN} objectSid: S-1-5-32-559 sAMAccountName: Performance Log Users systemFlags: -1946157056 @@ -350,6 +377,7 @@ dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group description: A backward compatibility group which allows read access on all users and groups in the domain +member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN} objectSid: S-1-5-32-554 sAMAccountName: Pre-Windows 2000 Compatible Access systemFlags: -1946157056 @@ -372,6 +400,7 @@ dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects +member: CN=S-1-5-9,CN=ForeignSecurityPrincipals,${DOMAINDN} objectSid: S-1-5-32-560 sAMAccountName: Windows Authorization Access Group systemFlags: -1946157056 |