Re: Rights - 2003 Server in Windows NT4 Domain

From: fubarsnafu2004 (fubarsnafu2004_at_yahoo.com)
Date: 03/08/04 

Date: 7 Mar 2004 19:04:10 -0800

Herb

I tried the 2 different net use commands from a w/s that is not a
member of the domain, I authenticated to the server but still could
not create folders on the share APPS. But I can add/remove/modify the
secuirty of different groups/user to this share.
Weird

"Herb Martin" <news@LearnQuick.com> wrote in message news:<#z2XLbHBEHA.2476@TK2MSFTNGP12.phx.gbl>...
> "fubarsnafu2004" <fubarsnafu2004@yahoo.com> wrote in message
> news:624f5166.0403070746.1fc65dcb@posting.google.com...
> > I have a Windows NT 4 domain with one PDC - I just installed a Windows
> > 2003 Server into the domain. The Domain name is called CARTOONS,
> > before the domain came their was a workgroup called CARTOONS and the
> > workgroup is still here. All most all computers are members of the
> > workgroup CARTOONS, which I think is my problem.
>
> NT-class machines should prefer being Domain machines but none
> of that should interfere with the 2003 Server as a domain member.
>
> If you logon to a workgroup machine that is NT-based you are NOT
> going to be logging on to your DOMAIN account however so you will
> need to authenticate separately to access "domain resources" (e.g., the
> 2003 server.)
>
> > I login to the 2003 server and gave my self admin rights as a local
> > user, I am also a member of the domain administrator group as well.
>
> You can't be a Local user and a Domain user (for logon) at the same
> time -- even if the account names look the same.
>
> You might have given your domain account local privileges though.
>
> > But when I login on a W/S and attach a drive to the 2003 server from
> > this W/S that is a member of the Workgroup I don't have any rights.
>
> How do you "attach the drive"? Do you authenticate explicitly?
> If not, you may be getting authenticated not be the "user" you think you
> are -- perhaps even "guest."
>
> Remember, an NT-class machine that is not a DOMAIN member does
> not allow you to logon to a domain account -- you will be using a
> machine account that is irrelevant to the domain and to that member
> 2003 server.
>
> > I
> > attach fine, can attach to a shared folder but can't create any new
> > folders. I have gave myself full rights to the root of the drive on
> > 2003 server, both as my user name on 2003 server and through the
> > domain admin group. But still can't create folders.I also gave all
> > rights but full control to domain\users and authenticated\users at
> > same location.
>
> Try an explicitly logon -- the GUI allows this but it is easier to test
> and troubleshoot from the command line:
>
> net use * \\ServerName\ShareName * /user:DomainName\Username
>
> (If it is a "server" machine account you use ServerName in place of
> DomainName)
> net use * \\ServerName\ShareName * /user:ServerName\Username
>
>
> > I have had this problem on another Network where I had a 2000 server
> > in a windows NT4 domain, I ended up have to create each user on the
> > 2000 server and give them rights their instead of a the domain level,
> > for a sql database applciations to work correctly. In this network all
> > computers where members of the domain.
> >
> > I think my choices are
> > 1) Make the 2003 server a member of workgroup and add all users as
> > local users, create a group and give rights to the group.
>
> Terrible idea. It CAN work for only a few users, but since you already
> have a DOMAIN, there is zero advantage to this method and several
> disadvantages.
>
> > 2) Make all computers that need access to the Windows 2003 server
> > members of the domain and manage rights for their, which may require
> > me to create all users lcoal and give them rights local through a
> > group anyway.
>
> Do it this way -- it's the right thing to do.
>
> > Seting up Active Directory is not an option at this time.
>
> Not really an issue, since your problem is that ever user is logging on to
> MACHINE specific account which does not allow transparent access
> to the DOMAIN resources. Even putting the "server" out of the domain
> would still not make the access to "server" resources transparent without
> extra work.

Relevant Pages

  • Re: KRB Error
    ... approximately 4 pages of GP settings that include settings in User rights ... with no warranties and confers no rights] ... party vendor was used to harden security on this server and another ... both members of Domain A. Another member server on Domain A did not ...
    (microsoft.public.win2000.active_directory)
  • Re: no Domain Admin rights to a Domain Server
    ... If the computer is still a member of the domain with proper DNS name ... the domain it needs to be joined to the domain again and the domain admins ... I can logon locally to the machine but the rights are that of a ... the server belongs to engineering and the person in charge ...
    (microsoft.public.win2000.security)
  • SQL 6.5 - Rights - Not Working Correctly
    ... rights issue with for certain SQL users that are a member ... the server. ... that is a member of the group 'ReadOnly' in database XYZ. ...
    (microsoft.public.sqlserver.security)
  • Re: acessing a share
    ... If you are logging on to a share that is not a member ... a local user on the server ... that server is a domain controller, thus I cannot create local accounts there. ... Since this is my work's laptop I cannot change its network membership and do other things to network interfaces that might solve this problem. ...
    (microsoft.public.windows.server.networking)
  • Re: Rights - 2003 Server in Windows NT4 Domain
    ... >> of that should interfere with the 2003 Server as a domain member. ... >> You might have given your domain account local privileges though. ... >>> this W/S that is a member of the Workgroup I don't have any rights. ...
    (microsoft.public.win2000.active_directory)
Loading