new user 2

[k3vin]

how can i create a user with the same rights like the ADMIN user?


does anyone has a pdf or something with netware doc and info

 

[LawnBoy]

In NWAdmin, double click the user and select the 'Security Equal To' tab. Click 'Add' and browse to and select the Administrator object.

In ConsoleOne, doble click the user and under the 'Memberships' tab select 'Security Equal To'. Click 'Add', browse to and select the Administrator object.

 

[TheLad]

I wouldn't do it this way because if the ADMIN user object gets deleted (even by accident, it can happen) or damaged (maybe by a hacker?), your other user object will be ineffective as the security equal to rights could be lost.

In my opinion, if you want an ADMIN equivalent account, it is usually best to make the user a trustee of [Root] and allocate the rights from there.

-----------------------------------------------------
"It's true, its damn true!"
-----------------------------------------------------

 

[ITsmyfault]

I have to agree with TheLad on this one. Security equiv creates a dependence chain. The whole reason (to me) of having a second admin user is in case something happens to admin - so linking them defeats the purpose. Admin gets deleted and now your backup user does not work either.
FWIW here I have given our admin rights 2 ways so that it would be exceptionally hard for all of our admins to lose rights to the tree. Each admin user gets rights directly (trustee of root), then gets added to the admins group (which is a trustee of root also). You can kill a user or the group and the others will still be able to restore things to how they should be.

btw a good back door I have seen some folks use is to create an hidden admin user object and not give it a password (prompt of first login..) so if somehow your admin users got whacked, you could still log in and recreate everything since no one can see the thing but the person who created it. That of course assumes that the person who created it is not hte one who decides to wreck everything.

 

[LawnBoy]

Hmmm... Equivalences were how they were doing it when I got here, but I see your point. It's easy, but it's not any kind of insurance.

Good stuff, this forum. Stars all around.

 

[LawnBoy]

Time for me to expose my ignorance... Since I don't find a [root] object, do you mean to add trustee from the Tree object?

Those equivalences do make a mess of things. Since I'm equiv to Admin and Tree_Manager it's hard to tell whether
I've got direct rights or inherited rights. Time to break all those equiv's.

 

[TheLad]

In NetWare Administrator, the top level is [Root]. If you can't see it in your existing view, click on the View menu, choose Select Context, and set the context as [Root]

-----------------------------------------------------
"It's true, its damn true!"
-----------------------------------------------------

 

[marvhuffaker]

Or you can hit Backspace -- it will traverse up the tree till you hit [root].

This is what I like to do.. Create a container specifically for admin users. Make that container a trustee of [root] with Supervisor priviledges. Anybody I want to be an admin, I put in that container. rights inherit to anyone in the container, so it's easy to manage. You can also hide the container by putting a filter on it and regular users or hackers will never know it's there.

As a precaution, I also have the 'admin' group within this container that is also a trustee of [root]..

When NetWare 4.x first came out, most people used equivalencies because NDS was new and nobody really understood it, so the concepts from NW 3.1x carried over.. But I had that bite me a couple times and I try to avoid doing equivalencies at all cost. In fact, anytime I see it in any of my clients trees, I change it immediately.



Marvin Huffaker, MCNE

http://www.redjuju.com

 

[LawnBoy]

Ah, I see. [Root] in NWadmin = xxx_Tree in C1. I broke all the equiv's I had and still rule the tree so it's all good.