Topic: xp users and administrators

[OzMoosis]

Hi all,

has anything changed with regard to making users member of XP group "users" or "administrators". I have followed the how-to's and created a group (called xp-admins) with description Domain Admins on my SME 7.1 server. However, when a member of that group logs in he does not have local administrator rights. I don't have to change any settings on the XP machine, do I?

I've done this before on SME 7.0, and it used to work!

Oz

[cactus]

I don't have to change any settings on the XP machine, do I?

As far as I know you will have to modify your XP box, to have the Domain Admins group be a member of the Administrator group, AFAIK this is not done default on joining a domain.

[haymann]

Even on a Windows network we have to specify who is in the Administrator group on each XP client. I would think that if you added xp-admins to the administrator group on each client you would be all set.

It sounds like the xp clients are joined to your SME domain, I wonder if there is a way to change the login script to add xp-admins to the local administrator group...

[Gert]

Correct me if I am wrong but when joining a domain the local users and groups are of NO importance. If you have administrative rights on the domain you will have administrative rights on your client pc.

[cactus]

Correct me if I am wrong but when joining a domain the local users and groups are of NO importance. If you have administrative rights on the domain you will have administrative rights on your client pc.

But I am not aware of Domain Admins being added to the local Administrators group... correct me if I am wrong (as well)

[Gert]

I think you are wrong (90% sure)

Check the SME Server manual:

7.2.4. MS Windows Domain configuration
SME Server can be configured to be the “Workgroup and Domain Controller” for your network, here users do not need accounts on individual PC's but authenticate against the Server. (In a subsequent chapter, we'll explain how this can be set using the web-based server manager.)

7.2.4.1. Connecting to a Domain
To connect a windows XP client to your domain, go to the “Control Panel”, select “System”, then “Computer Name”, and click on change. Enter your servers workgroup value in the domain field and 'Connect'. Enter the username of admin with the servers admin password when asked, and you should get back the response 'Connected to workgroup'

7.2.4.2. Setting admin rights
If you are using SME Server as a domain controller and the workstations have joined the domain then the following is possible.
The domain always has three groups created, assigned as follows:
Domain Admins => admin Domain
Users => shared (everyone)
Domain Guests => nobody
However if you create a group and name it whatever you want but put one of the above for the description then the newly created group will replace the above mapping. So if you create a group called “admins” and give it a description of “Domain Admins” then anyone you assign to this group will be a domain admin and also a local admin on ANY box that has joined the domain.

I am sure they would not leave out something as important as this?