This parameter controls whether or not smbd will honor
privileges assigned to specific SIDs via either net rpc rights
or one of the Windows user and group manager tools. This parameter is
disabled by default to prevent members of the Domain Admins group from
being able to assign privileges to users or groups which can then result in certain
smbd operations running as root that would normally run under the context
of the connected user.
An example of how privileges can be used is to assign
the right to join clients to a Samba controlled domain without
providing root access to the server via smbd.
Please read the extended description provided in the
Samba documentation before enabling this option.
no