something like that!
George Farris wrote:
$%#@&^% I forgot to delete the profile. It works. Now I should be able to make a new "Domain Power Users" group with "net groupmap add". How does one find a new sid or can I just increment the last number used like so:
[EMAIL PROTECTED] profiles]# net groupmap list System Operators (S-1-5-32-549) -> -1 Domain Guests (S-1-5-21-1135672234-1853056381-2991119365-514) -> -1 Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Power Users (S-1-5-32-547) -> -1 Print Operators (S-1-5-32-550) -> -1 Domain Users (S-1-5-21-1135672234-1853056381-2991119365-513) -> -1 Administrators (S-1-5-32-544) -> -1 Account Operators (S-1-5-32-548) -> -1 Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> users Domain Admins (S-1-5-21-1135672234-1853056381-2991119365-512) -> dadmin
Since S-1-5-21-1135672234-1853056381-2991119365-514 is the last number displayed I could use: S-1-5-21-1135672234-1853056381-2991119365-515
Also how does one remove a mapping from a local unixgroup? It seems once mapped, I can only ever assign it to a new group or delete the ntgroup and start again.
On Thu, 2003-07-24 at 13:18, Jason C. Waters wrote:
Did you try it after deleting the profile?
George Farris wrote:
Well interestingly enough it only works if I make pwruser (which is mapped to "Domain Users") be the primary group of the user. This is confusing because with the user I have set up for a Domain Admin (unixgroup dadmin) dadmin is not it's primary group.
Any thoughts?
On Thu, 2003-07-24 at 12:22, Felipe Alfaro Solana wrote:
On Thu, 2003-07-24 at 18:31, George Farris wrote:
On Windows, the "Power Users" is a local group, that is, it's membersI have also struggled with this problem. It seems one can map a domain group such as Domain Admins and have it take effect on the workstation but Power Users is, I think, a local group and it doesn't work even though one can map a unix group to it.
So how can one add users to a Power User group and have it take effect
like Domain Admins?
are not stored on a domain controller, but on the local SAM of the
machine. Thus, if for an specific machine you want to make all Domain
Users to be Power Users, you'll need to use Windows administration tools
and *manually* add the "Domain Users" global group to the "Power Users"
local group of the machine.
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
