Hi again,

Hmmm, well, I have some news about my problem.
Here is what I want : I want some Domain Groups to be local Administrators on the workstation they're logged in. By default, all my users are in the Domain Users group. Some of them are in a second group. These groups are defined in an LDAP directory.

I'm trying to use CPAU to do this. Here how it should work :

1- on a workstation, I log in as a Domain Admin
2- I create a job file with CPAU like this :
cpau -u domain\my_admin_account -p password -ex "net localgroup \"Administrators\" \"domain\group_I_want_to_be_local_admin\" /add" -file job_file.job -enc
3- the file job_file.job is copied on a network share
4- in the logonscript of the users I want to be local admins, I add these lines :
        net use z: \\server\job
        cpau -dec -file z:\job_file.job -profile

After succesfull login of a user of this group, I can see its group is member of the Local Admins on the workstation. But the user as no Admins rights !!! If I loggof this user, and loggin again, this user have admin rights.

But if I execute cpau by hand, as a domain users, but by providing a Domain Admin account and password, there is no need to logg in again.

What am I doing wrong ?

Sincerely,
Valéry Roché
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to