Re: [Samba] power users group
- Date: Fri, 16 Mar 2018 16:59:36 +0100
- From: Lorenzo Delana via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] power users group
I known that, Thank you for the advise, I ended in the following dc config:
- Administrator ( real random password len 24 )
- itadmin member of "Domain Admins" ( real random password len 12 )
- custom "Local Admins" group with some users able to install software (
like local pc administrators ) (reference
the purpose of itadmin user here is to be used only by IT administrator
from secure hosts and has a password more easy to digit even w/out
copy/paste or other tools and with a defined password expiration.
the purpose of users in Local Admins group is to allow local pc software
installation w/out the need of itadmin intervent and ensure no AD
modification can be done.
On 15/03/2018 17:34, Harry Jede wrote:
Am Donnerstag, 15. März 2018, 16:21:24 CET schrieb Lorenzo Delana via
> I just installed a samba4 dc and I see that Power Users group is
> missing, is possible to create that group so that a workstation
> joined in the domain can install software using users belonging to
> that group and how it can be done?
> actually simply creating a group with that name doesn't get any
> privilege to that group users.
SID: S-1-5-32-547 Name: Power Users Description: A built-in group. By
default, the group has no members. Power users can create local users
and groups; modify and delete accounts that they have created; and
remove users from the Power Users, Users, and Guests groups. Power
users also can install programs; create, manage, and delete local
printers; and create and delete file shares.
the net command may used to create the group and assign privilegs.
Power Users can much more then installing software. i.e. managing
users and groups.
This is the reason why MS has removed "Power Users" from default install.
IT IS REALLY RISKY.
But if you want, it is your choice.
To unsubscribe from this list go to the following URL and read the