On 3/9/07 8:36 AM, "Tina Siegenthaler" <email@hidden> wrote:
>>>
>>> This may be a stupid question, but can a user which is defined on
>>> an OD server be an admin user on a managed client? This would be
>>> easier than to define a local admin for t he both of us on each of
>>> our Macs. I understand, of course, that you have to have at least
>>> one local admin on each machine, but could we additionally have
>>> two admins on the OD which are also admins on all our clients?
>> The answer is yes - in a sense. Obviously there the checkbox in WGM
>> to allow a user to become an "Administrator" etc., but that's
>> potentially a road you don't want to go down.
>>
>> We only have *one* local account on any of our managed machines -
>> obviously it's an "admin" account. However I suspect you're asking
>> "around" the question. What exactly are you trying to achieve? I
>> know you've asked about "two admins...also admins" etc - but what
>> is it you want or need the admin privileges for on all the managed
>> machines? [Just a little more detail, without presupposed solutions
>> to a problem you haven't actually stated.]
>>
>>> (I *guess* it's not possible, since you would also have to define
>>> on which machines this user is an admin, and that may be
>>> difficult... right?)
>> Well, again it depends on what you're trying to do. But it does
>> sound at lot like Dan's Wooly ThinkingĀ :-)
>>
>>> TIA, Tina
>>
>> Cheers,
>
> OK, trying to be a bit more precise...
>
> We are two people at our IT department. Both of us need administrator
> rights on our (managed) clients, but we are not supposed to use the
> same single local admin account for the both of us (it should be
> possible to track down who was actually logged in at a certain time).
> This means we need *two* admin accounts on each client. Instead of
> creating those two admins locally on each client, we'd like to create
> two admins on the OD server, which we can use to administer all the
> clients that are bound to this OD server.This would also make it MUCH
> easier to change the password from time to time... just changing it
> on the OD instead of changing on 100 or more clients...
>
> I know I can check the box "allow user to administer the server" but
> I understand this means what it says, admin rights on the*server*,
> not on the client(s) - am I wrong??
I'm not sure if this is the "proper" way, but if you use niutil to add the
shortnames of those two users to the local admin group on each client,
they'll have admin rights when they log in.
You could do this very easily with NetInfo Manager if you're working on
building an image, but if you need to roll out the change to existing
computers than ARD + niutil shell command is the way to go.
Matt
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
This email sent to email@hidden
