I think you misunderstand the reply above. The "BUILTIN\ADMINISTRATORS" group is the equivalent of the "Local Admins" group on a Windows server. It is not a domain-wide setting, it is a setting on an SVM that you want to let them create shares on.
An SVM hosting CIFS shares can be considered to be a Windows server in most operational respects. This is one of them. It has a local set of groups and users that can be defined. Just as on a typical Windows server there must be a group/user with appropriate permissions on the server to be able to create new shares. That same type of permission is needed on the SVM.
So a question to explore would be how would the help desk create a share through MMC on any other Windows server in your environment and what permissions/security group are they members of (explicitly or implicitly) on those servers? That's the level of access that will be needed on the SVM as well.
Bob, thanks for the explanation. Not sure I want them in a group where they have rights to "fully administer the file"?
However, our helpdesk guys were able to create CIFS shares on the same vservers which were on 7-mode: once migrated to cDOT they can no longer do this and their rights haven't changed. They are still able to create CIFS shares for vservers still on 7-mode.
Matt, thanks I used that KB to create the cifs superuser for the vserver: cifs superuser create -vserver testvserver -domain LIVE -accountname testuser. The article states that testuser which is now a superuser should now be able to create CIFS shares. I will explore WFA nest - but would like their published fix to work.
"Can users other than Domain Administrators access an MMC to a Cluster-Mode node?
Yes. To set this up, the user should be added to the vserver as a cifs superuser. This is available in advanced mode."
Example: ::> set advanced ::*> cifs superuser create -vserver vs0 -domain DOMAIN -accountname user
*> cifs superuser show -vserver testvserver Vserver CIFS Server Domain Account Name -------------- --------------- --------------- ------------ testvserver testv LIVE testuser
However, the above doesn't solve the problem of the helpdesk not having access to create CIFS shares. Any ideas?