Our Service Desk want access to the filer to close open files. This seems to be a problem at shift changes where a file remains locked which another user needs to edit. The preferred access tool is "Computer Management" (or alternatively Hyena).
If I put a Service desk user, or the AD group created for the purpose into the "Power Users" they can do what they need to do.
If I put a Service desk user, or the AD group created for the purpose into a group I defined, using a role I defined, they get access denied.
toaster> useradmin domainuser list -g "Power users"
List of SIDS in Power users
toaster> useradmin domainuser list -g isservicedesk
Members of the custom users group doesn't have access to session management through MMC
The users can manage the sessions through MMC, only if they belong to Administrators or "Power Users" group. The other custom group members can't manage this, even though the group they belong to has the roles of
"admin" and/or "power". This occurs because the access check for session management through MMC is based on the RID that is assigned to the group and not theroles of the group.
No workaround exists this feature is by the design