Essentially.
We used a script to convert users from their local accounts to AD. Part of the script was to add a set of groups with admin access to the local admin group, and we added the new user (if they were an admin, which pretty much all of our users currently are) to the group as well.
Need to make sure that's also part of our new system setup. I think it is. On Mar 23, 2010, at 7:36 AM, Nichols, Jared - 1160 - MITLL wrote:
How are you doing this? Just using a dscl command?
j
On 3/22/10 3:42 PM, "Walls, Bryan K. (MSFC-IS30)" <email@hidden> wrote:
It's a known issue. We put the groups we want to have admin rights in the local admin group.
On Mar 22, 2010, at 1:52 PM, Nichols, Jared - 1160 - MITLL wrote:
Hi-
Our new Macs with 10.6.2 are being deployed on our Active Directory domain. We’re specifying in the AD-plugin group(s) that should be allowed to administer the computer if a member logs in, such as our help desk and local IT folks (if a group is equipped with them).
The odd behavior is that if you’re in that AD group when you log in, you receive your Admin privs just fine. However, the account does not cache (even though other accounts do) and you do not have Admin rights unless the computer can communicate with the domain controller. This includes if the machine goes to sleep and you wake it up. Before sleep you had Admin, after, you don’t.
Has anyone ever seen this? It certainly doesn’t seem like it’s the way it should be.
Thanks
j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
<smime.p7s> _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
|