[ale] NT workstation permissions w/samba server

Mike mnelson at bellsouth.net
Fri Mar 23 19:04:05 EST 2001 

It won't help to tell Linux/Samba that they want to have admin rights.
Even in a pure NT environment the PDC can't grant a user local admin rights.
The only way a person can have Administrator rights to do admin stuff on a NT 
workstation is they're listed on that workstation's Administrators group. 

One way is for you to go to each workstation and login with the local 
administrator account (You did change the name, didn't you?), open User 
Manager and add that person's id, domain id, or domain group (such as 
"<domainname>/Domain Administrators").

Also, you can add and remove user id's to the Administrator group using 
Perl's Win32 extensions (which you are going to want to learn anyway to 
remotely administer your Windows computers).
You should go to the Barnes and Noble public library and thumb through 
"Windows NT Win32 Perl Programming: The Standard Extensions" by Dave Roth

it's something like this perl scrap -

Use Win32::NetAdmin;
(looping login)
$ComputerName = "grumpy"; 
$Group = "Administrators";
$UserID = "bob";
Win32:NetAdmin::LocalGroupAddUsers( "\\\\$ComputerName", "$Group", "$UserID"; 
) 

The machine executing the script has to have the name and password as the 
existing Administrator's account  on each workstation.
You can also use the perl Win32 extensions to change every workstation's 
local admin and user passwords whenever you feel like it without having to 
visit them all. 

There's also a kludgey way to remotely administer users from a NT workstation 
using the scheduler service and the "net user" command.




On Friday 23 March 2001 17:38, Gary S MacKay wrote:
> How do I set a user's permissions when attached to a samba server? I
> have a samba box doing it's best to be a PDC. There is no NT server box.
> Samba is doing it all. Win9x workstations authenticate, run the login
> script, etc. all is well. The NT workstations are also working as far as
> logging in, running the script,etc. The problem is when I want a user to
> have admin privilages. When a user trys to install something or make
> changes to the workstation, NT complains that it does not have the
> rights. How do I tell linux/samba that this particular user is OK?
>
> - Gary
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

More information about the Ale mailing list