Re: [Fed-Talk] Odd Active Directory group behavior
Re: [Fed-Talk] Odd Active Directory group behavior
- Subject: Re: [Fed-Talk] Odd Active Directory group behavior
- From: "Nichols, Jared - 1160 - MITLL" <email@hidden>
- Date: Tue, 23 Mar 2010 07:36:10 -0400
- Acceptlanguage: en-US
- Thread-topic: [Fed-Talk] Odd Active Directory group behavior
Title: Re: [Fed-Talk] Odd Active Directory group behavior
How are you doing this? Just using a dscl command?
j
On 3/22/10 3:42 PM, "Walls, Bryan K. (MSFC-IS30)" <email@hidden> wrote:
It's a known issue. We put the groups we want to have admin rights in the local admin group.
On Mar 22, 2010, at 1:52 PM, Nichols, Jared - 1160 - MITLL wrote:
Hi-
Our new Macs with 10.6.2 are being deployed on our Active Directory domain. We’re specifying in the AD-plugin group(s) that should be allowed to administer the computer if a member logs in, such as our help desk and local IT folks (if a group is equipped with them).
The odd behavior is that if you’re in that AD group when you log in, you receive your Admin privs just fine. However, the account does not cache (even though other accounts do) and you do not have Admin rights unless the computer can communicate with the domain controller. This includes if the machine goes to sleep and you wake it up. Before sleep you had Admin, after, you don’t.
Has anyone ever seen this? It certainly doesn’t seem like it’s the way it should be.
Thanks
j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
<smime.p7s> _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden