Hello all: I have a Samba PDC (Samba 2.2.3) on RedHat 7.3 currently serving about 40 to 50 clients with the intent of adding another 60 to 70 in the coming weeks. Everything is working decently well. I do have one problem that I am concerned about though. I have had to make many users Admin users so that a certain application can run. This does not concern me so much except for where data is concerned. I have several high priority users putting data in their Home directory so that it can be backed up on the server. I have discovered that even though these directories are not browsable, anyone who is in the smbadmins group can type //crhpdc/username in Start>Run and have full access to the person's home directory. I am stuck here as to how to fix this. [homes] comment = Home Directories browseable = no writable = yes admin users = @smbadmins [profiles] path = /home/samba/profiles guest ok = yes browseable = no read only = no create mask = 0600 directory mask = 0700 share modes = no So really I am looking for the answer to two questions. 1. How can I have Administrators that have all the power on the local machine, but normal user power on the server? 2. How can I setup "Power Users" so that people might be able to run this piece of software that is giving me problems but won't be Administrators? Any help will be most appreciated. Full SMB.CONF follows. A Cline [global] ;basic server settings workgroup = CRHDOM netbios name = CRHPDC server string = Cushing PDC socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 guest account = nobody ;Standard printing settings printing = BSD print command = /usr/bin/lpr -P%p -r %s lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/lprm -P%p %j min print space = 2000 ;PDC and master browser settings os level = 64 preferred master = yes local master = yes domain master = yes ;Security and Logging Settings security = user encrypt passwords = yes #update encrypted = yes passwd chat debug = yes domain logons = yes log file = /var/log/samba/log.%m log level = 2 max log size = 50 hosts allow = 127.0.0.1 172.29.56.0/255.255.252.0 ;User profiles and home directory #logon home = \\%L\%U\.profile logon drive = R: logon path = \\%L\profiles\%U logon script = %U.bat add user script = /usr/sbin/useradd -d /dev/null -g smbmachines -s /bin/false -M %u domain admin group = @smbadmins cpatter sharriso ;Password Syncronization unix password sync = yes passwd program = /usr/local/bin/smbpasswd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authen tication*tokens*updated*successfully* pam password change = Yes #domain group map = /etc/samba/group.mapping #==Shares= [homes] comment = Home Directories browseable = no writable = yes admin users = @smbadmins [profiles] path = /home/samba/profiles guest ok = yes browseable = no read only = no create mask = 0600 directory mask = 0700 share modes = no ;nt acl support = no [netlogon] browseable = no path = /home/netlogon root preexec = perl /root/mklogonscript.pl %u %m %a [etime] path = /home/samba/etime browseable = no read only = yes create mask = 0660 directory mask = 0770 write list = @etime @smbadmins force group = etime admin users = acline bob bmyers [financials] path = /home/samba/financials create mask = 0660 directory mask = 0770 browseable = no read only = yes write list = @financials @smbadmins admin users = acline bob bmyers force group = financials [123work] path = /home/samba/lotus create mask = 0660 directory mask = 0770 browseable = no read only = yes write list = @lotus @smbadmins admin users = @smbadmins force group = lotus [vp10] path = /home/samba/vp10 create mask = 0660 directory mask = 0770 browseable = no read only = yes write list = @vp10 @smbadmins admin users = @smbadmins force group = vp10 [mrms] path = /home/samba/mrms create mask = 0660 directory mask = 0770 browseable = no read only = yes write list = @mrms @smbadmins admin users = @smbadmins force group = mrms [product] path = /home/samba/product create mask = 0660 directory mask = 0770 browseable = no read only = yes write list = @product @smbadmins admin users = @smbadmins force group = product [software] path = /home/samba/software create mask = 0660 directory mask = 0770 browseable = no read only = yes write list = @smbadmins admin users = @smbadmins force group = smbadmins [backup] path = /home/samba/backup create mask = 0660 directory mask = 0770 browseable = no read only = yes write list = @smbadmins admin users = @smbadmins force group = smbadmins [printers] guest ok = yes printable = yes guest account = ftp use client driver = yes _________________________________________________________________ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus