Description of Privileges
The privileges that have been implemented in Samba-3.0.11 are shown below. It is possible, and likely, that
additional privileges may be implemented in later releases of Samba. It is also likely that any privileges
currently implemented but not used may be removed from future releases as a housekeeping matter, so it is
important that the successful as well as unsuccessful use of these facilities should be reported on the Samba
mailing lists.

SeAddUsersPrivilege
This right determines whether or not smbd will allow the user to create new user or group accounts via such tools as net rpc user add or NT4 User Manager for Domains.

SeDiskOperatorPrivilege
Accounts that possess this right will be able to execute scripts defined by the add/delete/change share command in the smb.conf file as root. Such users will also be able to modify the ACL associated with file shares on the Samba server.

SeMachineAccountPrivilege
This right controls whether or not the user can join client machines to a Samba-controlled domain.

SePrintOperatorPrivilege
This privilege operates identically to the printer admin option in the smb.conf file (see the section 5 man page for smb.conf) except that it is a global right (not on a per-printer basis). Eventually the smb.conf option will be deprecated and administrative rights to printers will be controlled exclusively by this right and the security descriptor associated with the printer object in the ntprinters.tdb file.

SeRemoteShutdownPrivilege
Samba provides two hooks for shutting down or rebooting the server and for aborting a previously issued shutdown command. Since this is an operation normally limited by the operating system to the root user, an account must possess this right to be able to execute either of these hooks.

SeTakeOwnershipPrivilege
This right permits users to take ownership of files and directories.
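
An added example, not part of the Samba documentation: a shell audit that reads the text printed by net rpc rights list accounts and reports accounts outside an approved list that hold SeDiskOperatorPrivilege or SeRemoteShutdownPrivilege, the two rights this section ties to root-only actions. The sample output, the EXAMPLE domain, the account names and the function names are constructed for illustration; the parser assumes each block is an account name followed by one privilege per line, with blank lines between blocks.

```shell
# Constructed sample of `net rpc rights list accounts` output (names made up).
sample_rights_output() {
cat <<'EOF'
BUILTIN\Print Operators
No privileges assigned

EXAMPLE\Domain Admins
SeMachineAccountPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeRemoteShutdownPrivilege
SeDiskOperatorPrivilege

EXAMPLE\helpdesk
SeMachineAccountPrivilege
SeDiskOperatorPrivilege

Everyone
No privileges assigned
EOF
}

# Emit "privilege<TAB>account" for every privilege assignment read from stdin.
privilege_holders() {
    awk '
        NF == 0       { account = ""; next }   # blank line ends a block
        account == "" { account = $0; next }   # first line of a block is the account
        /^Se[A-Za-z]+Privilege$/ { printf "%s\t%s\n", $0, account }
    '
}

# Print assignments of the two root-level rights (SeDiskOperatorPrivilege runs
# the share scripts as root, SeRemoteShutdownPrivilege runs the shutdown hooks)
# held by accounts that are not in the approved list passed as $1, one account
# per line. The list goes through the environment because awk -v would
# rewrite the backslash in DOMAIN\name.
unapproved_root_holders() {
    privilege_holders | APPROVED="$1" awk -F '\t' '
        BEGIN { n = split(ENVIRON["APPROVED"], a, "\n"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        ($1 == "SeDiskOperatorPrivilege" || $1 == "SeRemoteShutdownPrivilege") && !($2 in ok)
    '
}

# Run against the sample; on a live server, pipe the real command output in instead.
sample_rights_output | unapproved_root_holders 'EXAMPLE\Domain Admins'
```
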