/**********************************************************************/ /** Microsoft LAN Manager **/ /** Copyright(c) Microsoft Corp., 1991 **/ /**********************************************************************/ /* opright.txt This file describes how the admins/users/guests and operator right groups will function in the User Tool. FILE HISTORY: rustanl 15-Aug-1991 Created based on 13-Aug-1991 discussion with davidtu. */ GROUP LISTBOX, MAIN WINDOW For both down-level and up-level, add the groups returned by NetGroupEnum. SET SELECTION DIALOG Display a list of the very same groups that are displayed in the group listbox in the main window. Use NetGroupGetUsers to determine which users are in the group selected. GROUP MEMBER ROSTER "SET CONTROL", GROUP PROPERTY DIALOG Note for the BLT-illiterate: The Set Control is the dual listbox with a set of Add and Remove buttons. It displays a set of items, and lets the user select a subset of these. (End of Note for the BLT-illiterate.) For the set, use the users displayed in the user listbox in the main window. For down-level, if the selected group is one of A/U/G (ADMINS, USERS, or GUESTS), the set control is disabled (made read-only) (i.e., disable the set control so that group memberships cannot be modified). Do not call NetGroupSetUsers on these groups. For up-level, if the selected group is one of A/U/G (DOMAIN_ADMINS, DOMAIN_USERS, or DOMAIN_GUESTS) or is one of the in NT1 6 special operator right groups, the set control is disabled. Do not call NetGroupSetUsers on these groups. USER GROUP MEMBERSHIP "SET CONTROL", USER SUB-PROPERTY DIALOG Include in the set all groups displayed in the group listbox in the main window. For down-level, also include four specially named groups (named below); for up-level, include no other groups. The special down-level groups will correspond to the 4 operator rights that the UAS supports today (account, server, print, and comm operator rights). The names of these groups will resemble the names of the equivalent groups in SAM, except that the names will in some way be extended beyond GNLEN. This way, it is guaranteed that the current UAS group doesn't already include these group names. Parenthesis: It would be nice to simply be able to prepend some special character to these names. That special character would then have to be one that wouldn't normally be valid characters for a group name in the UAS. Unfortunately, I_NetNameValidate given NAMETYPE_GROUP only checks the length of the name--not the characters themselves. Therefore, the only way to make an invalid UAS group name is to break the length requirement, hence extend the length of the name beyond GNLEN. For historical reasons, the text below will refer to a name which begins with a $-sign. This is used to refer to these special groups, which only occur in the down-level case. (End of Parenthesis.) Each of the $-groups will be placed in the right hand listbox exactly when all selected users are in group USERS and have the corresponding operator right. During dialog operation, if one of the A/U/G groups is selected, or if a group beginning with a $ is selected when the USERS group does not appear in the left listbox, then the set control will be disabled. (When none of these groups is selected, the set control is always enabled.) To commit the information of each user, non-$ groups are treated by calling NetUserSetGroups. If the $-groups have changed, NetUserSetInfo, level 2, is used to set the operator rights. Implementation note: The internal USER2 objects need to be updated both for up-level and down-level. However, WriteInfo is only called on these objects for down-level. (End of Implementation note.) Note: The $-groups will only appear in the User Tool when admining down-level, and then they will only appear in this dialog. (End of Note.) ACCOUNT INFORMATION DIALOG, USER SUB-PROPERTY DIALOG The Account Information dialog will provide a set of radio buttons, corresponding to the A/U/G groups (or "priv levels", for those of the readers who remember down-level lingo). These radio buttons are set according to the "priv" field retrieved from NetUserGetInfo. Note: This is *the* place in the User Tool where membership in these groups can be set. (End of Note.) This dialog does not feature a set of check boxes used to select operator rights. Note: Recall, setting operator rights is available in *one* other place, viz. the Group Membership, User Sub-Property dialog. (End of Note.) Implementation note: The internal USER_MEMB objects need to be updated both for up-level and down-level. (End of Implementation note.) // end of opright.txt