/**********************************************************************/
/**			  Microsoft LAN Manager 		     **/
/**		   Copyright(c) Microsoft Corp., 1991		     **/
/**********************************************************************/

/*
    opright.txt

    This file describes how the admins/users/guests and
    operator right groups will function in the User Tool.


    FILE HISTORY:
	rustanl     15-Aug-1991     Created based on 13-Aug-1991
				    discussion with davidtu.

*/



GROUP LISTBOX, MAIN WINDOW

    For both down-level and up-level, add the groups returned by
    NetGroupEnum.


SET SELECTION DIALOG

    Display a list of the very same groups that are displayed
    in the group listbox in the main window.  Use NetGroupGetUsers
    to determine which users are in the group selected.


GROUP MEMBER ROSTER "SET CONTROL", GROUP PROPERTY DIALOG

    Note for the BLT-illiterate:  The Set Control is the dual
    listbox with a set of Add and Remove buttons.  It displays
    a set of items, and lets the user select a subset of these.
			      (End of Note for the BLT-illiterate.)

    For the set, use the users displayed in the user listbox
    in the main window.

    For down-level, if the selected group is one of A/U/G (ADMINS,
    USERS, or GUESTS), the set control is disabled (made read-only)
    (i.e., disable the set control so that group memberships cannot
    be modified).  Do not call NetGroupSetUsers on these groups.

    For up-level, if the selected group is one of A/U/G (DOMAIN_ADMINS,
    DOMAIN_USERS, or DOMAIN_GUESTS) or is one of the in NT1 6
    special operator right groups, the set control is disabled.
    Do not call NetGroupSetUsers on these groups.


USER GROUP MEMBERSHIP "SET CONTROL", USER SUB-PROPERTY DIALOG

    Include in the set all groups displayed in the group listbox
    in the main window.  For down-level, also include four
    specially named groups (named below); for up-level, include
    no other groups.

    The special down-level groups will correspond to the 4 operator
    rights that the UAS supports today (account, server, print,
    and comm operator rights).	The names of these groups will
    resemble the names of the equivalent groups in SAM, except
    that the names will in some way be extended beyond GNLEN.
    This way, it is guaranteed that the current UAS group doesn't
    already include these group names.

    Parenthesis:  It would be nice to simply be able to prepend
    some special character to these names.  That special character
    would then have to be one that wouldn't normally be valid
    characters for a group name in the UAS.  Unfortunately,
    I_NetNameValidate given NAMETYPE_GROUP only checks the length
    of the name--not the characters themselves.  Therefore,
    the only way to make an invalid UAS group name is to break
    the length requirement, hence extend the length of the
    name beyond GNLEN.	For historical reasons, the text below
    will refer to a name which begins with a $-sign.  This is
    used to refer to these special groups, which only occur in
    the down-level case.		      (End of Parenthesis.)

    Each of the $-groups will be placed in the right hand listbox
    exactly when all selected users are in group USERS and
    have the corresponding operator right.

    During dialog operation, if one of the A/U/G groups is selected,
    or if a group beginning with a $ is selected when the USERS
    group does not appear in the left listbox, then the set control
    will be disabled.  (When none of these groups is selected,
    the set control is always enabled.)

    To commit the information of each user, non-$ groups are treated
    by calling NetUserSetGroups.  If the $-groups have changed,
    NetUserSetInfo, level 2, is used to set the operator rights.

    Implementation note:  The internal USER2 objects need to be
    updated both for up-level and down-level.  However, WriteInfo
    is only called on these objects for down-level.
				      (End of Implementation note.)

    Note:  The $-groups will only appear in the User Tool when
    admining down-level, and then they will only appear in this
    dialog.					     (End of Note.)


ACCOUNT INFORMATION DIALOG, USER SUB-PROPERTY DIALOG

    The Account Information dialog will provide a set of
    radio buttons, corresponding to the A/U/G groups (or "priv levels",
    for those of the readers who remember down-level lingo).
    These radio buttons are set according to the "priv" field
    retrieved from NetUserGetInfo.

    Note:  This is *the* place in the User Tool where membership
    in these groups can be set. 		     (End of Note.)

    This dialog does not feature a set of check boxes used to
    select operator rights.

    Note:  Recall, setting operator rights is available in *one*
    other place, viz. the Group Membership, User Sub-Property dialog.
						     (End of Note.)

    Implementation note:  The internal USER_MEMB objects need to be
    updated both for up-level and down-level.
				      (End of Implementation note.)



//  end of opright.txt
