From dca888e51eb97df60a3af6779b88cfa8d0e34996 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 11 Dec 2004 05:43:03 +0000 Subject: r4148: add a default set of privileges to the core builtin accounts in the sam. I decided to do it the simple way of making the privileges user attributes. w2k doesn't expose the privileges via LDAP, so we are free to store them in any way we like without breaking compatibility. (This used to be commit 5f29f4c3079be2fa54b94e08c829dadccc4d14c4) --- source4/provision.ldif | 40 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/provision.ldif b/source4/provision.ldif index 6d370c72e4..65975d2b7d 100644 --- a/source4/provision.ldif +++ b/source4/provision.ldif @@ -258,6 +258,31 @@ groupType: 0x80000005 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE unixName: ${WHEEL} +privilege: SeSecurityPrivilege +privilege: SeBackupPrivilege +privilege: SeRestorePrivilege +privilege: SeSystemtimePrivilege +privilege: SeShutdownPrivilege +privilege: SeRemoteShutdownPrivilege +privilege: SeTakeOwnershipPrivilege +privilege: SeDebugPrivilege +privilege: SeSystemEnvironmentPrivilege +privilege: SeSystemProfilePrivilege +privilege: SeProfileSingleProcessPrivilege +privilege: SeIncreaseBasePriorityPrivilege +privilege: SeLoadDriverPrivilege +privilege: SeCreatePagefilePrivilege +privilege: SeIncreaseQuotaPrivilege +privilege: SeChangeNotifyPrivilege +privilege: SeUndockPrivilege +privilege: SeManageVolumePrivilege +privilege: SeImpersonatePrivilege +privilege: SeCreateGlobalPrivilege +privilege: SeEnableDelegationPrivilege +privilege: SeInteractiveLogonRight +privilege: SeNetworkLogonRight +privilege: SeRemoteInteractiveLogonRight + dn: CN=Users,CN=Builtin,${BASEDN} objectClass: top @@ -323,6 +348,9 @@ systemFlags: 0x8c000000 groupType: 0x80000005 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE +privilege: SeLoadDriverPrivilege +privilege: SeShutdownPrivilege +privilege: SeInteractiveLogonRight dn: CN=Backup Operators,CN=Builtin,${BASEDN} objectClass: top @@ -344,6 +372,10 @@ systemFlags: 0x8c000000 groupType: 0x80000005 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE +privilege: SeBackupPrivilege +privilege: SeRestorePrivilege +privilege: SeShutdownPrivilege +privilege: SeInteractiveLogonRight dn: CN=Replicator,CN=Builtin,${BASEDN} objectClass: top @@ -750,6 +782,12 @@ systemFlags: 0x8c000000 groupType: 0x80000005 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE +privilege: SeBackupPrivilege +privilege: SeSystemtimePrivilege +privilege: SeRemoteShutdownPrivilege +privilege: SeRestorePrivilege +privilege: SeShutdownPrivilege +privilege: SeInteractiveLogonRight dn: CN=Account Operators,CN=Builtin,${BASEDN} objectClass: top @@ -771,6 +809,7 @@ systemFlags: 0x8c000000 groupType: 0x80000005 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE +privilege: SeInteractiveLogonRight dn: CN=Templates,${BASEDN} objectClass: top @@ -864,4 +903,3 @@ cn: TemplateGroup name: TemplateGroup instanceType: 4 sAMAccountType: 0x10000000 - -- cgit