On 3/9/07 12:07 PM, "Matt Rosenberg" <email@hidden> wrote:
> On 3/9/07 8:36 AM, "Tina Siegenthaler" <email@hidden> wrote:
>
>>>>
>>>> This may be a stupid question, but can a user which is defined on
>>>> an OD server be an admin user on a managed client? This would be
>>>> easier than to define a local admin for t he both of us on each of
>>>> our Macs. I understand, of course, that you have to have at least
>>>> one local admin on each machine, but could we additionally have
>>>> two admins on the OD which are also admins on all our clients?
>>> The answer is yes - in a sense. Obviously there the checkbox in WGM
>>> to allow a user to become an "Administrator" etc., but that's
>>> potentially a road you don't want to go down.
>>>
>>> We only have *one* local account on any of our managed machines -
>>> obviously it's an "admin" account. However I suspect you're asking
>>> "around" the question. What exactly are you trying to achieve? I
>>> know you've asked about "two admins...also admins" etc - but what
>>> is it you want or need the admin privileges for on all the managed
>>> machines? [Just a little more detail, without presupposed solutions
>>> to a problem you haven't actually stated.]
>>>
>>>> (I *guess* it's not possible, since you would also have to define
>>>> on which machines this user is an admin, and that may be
>>>> difficult... right?)
>>> Well, again it depends on what you're trying to do. But it does
>>> sound at lot like Dan's Wooly Thinking :-)
>>>
>>>> TIA, Tina
>>>
>>> Cheers,
>>
>> OK, trying to be a bit more precise...
>>
>> We are two people at our IT department. Both of us need administrator
>> rights on our (managed) clients, but we are not supposed to use the
>> same single local admin account for the both of us (it should be
>> possible to track down who was actually logged in at a certain time).
>> This means we need *two* admin accounts on each client. Instead of
>> creating those two admins locally on each client, we'd like to create
>> two admins on the OD server, which we can use to administer all the
>> clients that are bound to this OD server.This would also make it MUCH
>> easier to change the password from time to time... just changing it
>> on the OD instead of changing on 100 or more clients...
>>
>> I know I can check the box "allow user to administer the server" but
>> I understand this means what it says, admin rights on the*server*,
>> not on the client(s) - am I wrong??
>
> I'm not sure if this is the "proper" way, but if you use niutil to add the
> shortnames of those two users to the local admin group on each client,
> they'll have admin rights when they log in.
>
> You could do this very easily with NetInfo Manager if you're working on
> building an image, but if you need to roll out the change to existing
> computers than ARD + niutil shell command is the way to go.
>
> Matt
Minor correction. ARD + dscl is the way to go (the reasons for which are
locked behind a WWDC NDA...)
------------------------------
Peter M. Bukowinski
IT - Sr. Support Analyst
Janelia Farm Research Campus
Howard Hughes Medical Institute
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
This email sent to email@hidden
