Re: Rights - 2003 Server in Windows NT4 Domain
From: Herb Martin (news_at_LearnQuick.com)
Date: 03/08/04
- Next message: Layne: "Re: Cannot log in to Windows"
- Previous message: Herb Martin: "Re: Forcing Roaming Profiles to load???"
- In reply to: fubarsnafu2004: "Re: Rights - 2003 Server in Windows NT4 Domain"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 7 Mar 2004 22:36:00 -0600
> I tried the 2 different net use commands from a w/s that is not a
> member of the domain, I authenticated to the server but still could
> not create folders on the share APPS. But I can add/remove/modify the
> secuirty of different groups/user to this share.
> Weird
>
Well that would suggest that you had FC of the share, and only READ
(or similar) on the directories on the share.
You do realize that you must have at least CHANGE on both (share and
NTFS) to add files etc., right?
You obviously have FC of the share itself, because changing security items
(permission, auditing, ownership) requires that and you succeeded in
changing the share permissions.
-- Herb Martin "fubarsnafu2004" <fubarsnafu2004@yahoo.com> wrote in message news:624f5166.0403071904.70a06b84@posting.google.com... > Herb > > > "Herb Martin" <news@LearnQuick.com> wrote in message news:<#z2XLbHBEHA.2476@TK2MSFTNGP12.phx.gbl>... > > "fubarsnafu2004" <fubarsnafu2004@yahoo.com> wrote in message > > news:624f5166.0403070746.1fc65dcb@posting.google.com... > > > I have a Windows NT 4 domain with one PDC - I just installed a Windows > > > 2003 Server into the domain. The Domain name is called CARTOONS, > > > before the domain came their was a workgroup called CARTOONS and the > > > workgroup is still here. All most all computers are members of the > > > workgroup CARTOONS, which I think is my problem. > > > > NT-class machines should prefer being Domain machines but none > > of that should interfere with the 2003 Server as a domain member. > > > > If you logon to a workgroup machine that is NT-based you are NOT > > going to be logging on to your DOMAIN account however so you will > > need to authenticate separately to access "domain resources" (e.g., the > > 2003 server.) > > > > > I login to the 2003 server and gave my self admin rights as a local > > > user, I am also a member of the domain administrator group as well. > > > > You can't be a Local user and a Domain user (for logon) at the same > > time -- even if the account names look the same. > > > > You might have given your domain account local privileges though. > > > > > But when I login on a W/S and attach a drive to the 2003 server from > > > this W/S that is a member of the Workgroup I don't have any rights. > > > > How do you "attach the drive"? Do you authenticate explicitly? > > If not, you may be getting authenticated not be the "user" you think you > > are -- perhaps even "guest." > > > > Remember, an NT-class machine that is not a DOMAIN member does > > not allow you to logon to a domain account -- you will be using a > > machine account that is irrelevant to the domain and to that member > > 2003 server. > > > > > I > > > attach fine, can attach to a shared folder but can't create any new > > > folders. I have gave myself full rights to the root of the drive on > > > 2003 server, both as my user name on 2003 server and through the > > > domain admin group. But still can't create folders.I also gave all > > > rights but full control to domain\users and authenticated\users at > > > same location. > > > > Try an explicitly logon -- the GUI allows this but it is easier to test > > and troubleshoot from the command line: > > > > net use * \\ServerName\ShareName * /user:DomainName\Username > > > > (If it is a "server" machine account you use ServerName in place of > > DomainName) > > net use * \\ServerName\ShareName * /user:ServerName\Username > > > > > > > I have had this problem on another Network where I had a 2000 server > > > in a windows NT4 domain, I ended up have to create each user on the > > > 2000 server and give them rights their instead of a the domain level, > > > for a sql database applciations to work correctly. In this network all > > > computers where members of the domain. > > > > > > I think my choices are > > > 1) Make the 2003 server a member of workgroup and add all users as > > > local users, create a group and give rights to the group. > > > > Terrible idea. It CAN work for only a few users, but since you already > > have a DOMAIN, there is zero advantage to this method and several > > disadvantages. > > > > > 2) Make all computers that need access to the Windows 2003 server > > > members of the domain and manage rights for their, which may require > > > me to create all users lcoal and give them rights local through a > > > group anyway. > > > > Do it this way -- it's the right thing to do. > > > > > Seting up Active Directory is not an option at this time. > > > > Not really an issue, since your problem is that ever user is logging on to > > MACHINE specific account which does not allow transparent access > > to the DOMAIN resources. Even putting the "server" out of the domain > > would still not make the access to "server" resources transparent without > > extra work.
- Next message: Layne: "Re: Cannot log in to Windows"
- Previous message: Herb Martin: "Re: Forcing Roaming Profiles to load???"
- In reply to: fubarsnafu2004: "Re: Rights - 2003 Server in Windows NT4 Domain"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
