Re: [Samba] Local Administrator access

Mon, 26 Nov 2012 07:22:45 -0800

With Windows7, the 1st account you create during the initial setup is typically a member of the local admin group. The actual "Administrator" account is normally disabled. Did this 1st account get deleted?
When you joined the domain, the Domain Admin's groups should have been added to the local Admin group. 

This can get messed up if your group mappings are not set up correctly.


Also, I think when running the "net" command you may want to use "-U 
Administrator" to use the credentials of your domain Administrator 
account  (assuming one has been defined.)  In my setup the unix root 
does not have a samba account.





On 11/26/12 10:03, Knut Olav Bøhmer wrote:

Hi,

I have a windows 7 machine withouth local administrator account.
I need to create such an account. I can log in to the machine with a user
on my samba domain.

What do I need to do in order to get administrator access, or access to
create an local administrator account?

I have tried to do this:

[root@float samba]# net rpc group addmem "Administrators" 'DOMAIN\username'
Enter root's password:
Could not add SKOLELINUX\knobo to Administrators: NT_STATUS_NO_SUCH_ALIAS

I have tried to give some rights this way:

net rpc rights grant 'DOMAIN\username' SeMachineAccountPrivilege
SeAddUsersPrivilege SeDiskOperatorPrivilege SeSecurityPrivilege
SeUndockPrivilege SeImpersonatePrivilege SeCreateGlobalPrivilege
SePrintOperatorPrivilege SeCreateGlobalPrivilege
SeEnableDelegationPrivilege  SeUndockPrivilege  SeTakeOwnershipPrivilege

And it does what I tell it:
[root@float samba]# net rpc rights list knobo
Enter root's password:
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
SeSecurityPrivilege
SeSystemProfilePrivilege
SeUndockPrivilege
SeImpersonatePrivilege
SeCreateGlobalPrivilege
SeEnableDelegationPrivilege


But I'm still promptet for username and password, when I try to access the
user accounts in windows 7.

Any suggestions?


Regards


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba






















					Reply via email to