Hi, I'm trying to remotely add domain users to the Administrators group of a domain machine using the net command on my PDC (samba 3.4.0). For Windows 2000 and XP that's not a problem. Windows 7 Enterprise seems to be more difficult, though. With the following command I can list the members of the group on any machine: net rpc group members Administrators -U "machine\admin" -S machine This works fine and includes machine\admin When I'm running: net rpc group addmem Administrators "domain\user" -U "machine\admin" -S machine Windows 7 tells me: Could not add domain\user to Administrators: NT_STATUS_ACCESS_DENIED I've been looking around in the security policies but couldn't find anything related. Any ideas how to make this work? Cheers, Tom

This behavior can be caused by UAC. You may temporary disable UAC on one Windows 7 Enterprise computer, then run the command and check the result. Arthur Xie - MSFT

Hi Arthur, you are right, it works when I'm disabling UAC. Unfortunately, disabling UAC isn't quite what I would call a 'solution'. Is there a way of doing this with leaving UAC activated? Perhaps use a different command or tweak the registry somewhere? Tom

This is security improvement since Windows Vista. As I know there are no solid solutions for it. You may post in some Samba forums to discuss.

I tried the samba mailing list - no response :/ Tom