Ah, just what I was looking for. Thanks!
One question, though -- do you validate the runas password against a local privileged account, such as \\%computername%\Administrator, all of which have the same local password, or do you end up having to use one on the domain with "Domain Admin" or similar privileges?
I currently don't have anyone with a groupmap Domain Admin account since I believe it's quite dangerous -- logged in as one, I was able to access a C$ directory on another machine, as well as rename it on the network via srvtools. It seems to be more than giving Administrator privileges over the local machine, and I find it to be too many privileges for someone on a Windows machine to have. Or is there a way that simply assigns local machine privileges without any scary things like that which would allow a smidgeon of malicious code to wreck the whole domain?
Thanks again, -Hunter
Beast wrote:
Hunter Rognstad wrote:
So, the question is, is there any way to run a logon script that has local Administrator privileges while running on a Windows XP machine joined to the samba domain in limited mode?
Many alternatives, such as sanur. I'm using it when need to install antivirus to W2k clients.
http://www.commandline.co.uk/sanur/
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
