Re: 2003 server file rights
- From: "Cary Shultz [A.D. MVP]" <cwshultz@xxxxxxxx>
- Date: Thu, 6 Oct 2005 00:58:23 -0400
MIke,
Glad to see that you got an answer. You are right - it is often the most
obvious that we overlook.
Up late as about the only time that I have to do this now ( for a good long
while now ) is at this time....or very early in the morning!
--
Cary W. Shultz
Roanoke, VA 24012
WIN2000 Active Directory MVP
http://www.activedirectory-win2000.com
(soon to be updated!!!)
http://www.grouppolicy-win2000.com
(soon to be updated!!!)
"Mike Hyatt" <MikeHyatt@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6695E077-C6FB-44DB-9809-7D4F14845907@xxxxxxxxxxxxxxxx
> Cary, a well written response and I see you're up late...
>
> One of my first thoughts was an implicit deny somewhere possibly with
> another group membership however I believe I've pretty much serched that
> out.
> The group is a security group.
>
> As for the default permissions in 2003, it's about time, it took me a lot
> of
> time setting my 2000 servers with what 2003 now does by default. I come
> from
> a Novell background.
>
> I've been stung by the security token thing in the past, again I came from
> a
> Novell background. With that in mind you point out one of the obvious,
> NTFS
> plus share rights. Sometimes the most obvious is the most difficult to
> see. I
> will review in the morning and let you know.
>
> Again thanks for your response, very professional...
>
> "Cary Shultz [A.D. MVP]" wrote:
>
>> Mike,
>>
>> Just a thought: are you giving both SHARE and NTFS permissions? It is a
>> common mistake ( not saying that you are making it, just have seen it a
>> lot! ) that people give just the NTFS or just the SHARE permissions, but
>> not
>> both.
>>
>> Also, if you created the group ( what kind of group is it?) and then
>> created
>> the shared folder and then assigned the permissions ( both of them! ) and
>> the users were not already a member of that group then they will have to
>> log
>> off and then back on.....the whole security token thing comes into play
>> here.
>>
>> WIN2003 does set significantly different default permissions ( example,
>> the
>> EVERYBODY group now has just read permissions in WIN2003 whereas it used
>> to
>> have full control in WIN2000...... ).
>>
>> Is there an explicit 'DENY' anywhere in the directory structure?
>>
>> Does this help?
>>
>> --
>> Cary W. Shultz
>> Roanoke, VA 24012
>>
>> WIN2000 Active Directory MVP
>> http://www.activedirectory-win2000.com
>> (soon to be updated!!!)
>> http://www.grouppolicy-win2000.com
>> (soon to be updated!!!)
>>
>>
>>
>> "Mike Hyatt" <MikeHyatt@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:85051A40-974A-40A1-917B-027C601E7D80@xxxxxxxxxxxxxxxx
>> >I have a Windows 2003 member server in my Windows 2000 domain. I am
>> >having
>> >a
>> > problem assigning rights on the 2003 server. I created a group on one
>> > of
>> > my
>> > Windows 2000 controllers, assigned the group rights to a shared folder
>> > on
>> > the
>> > Windows 2003 server but they don't get access to the folder. This is
>> > pretty
>> > straight forward stuff but I just can't see why they don't get access.
>> > There
>> > have been some some other curious rights issues on that server. I do
>> > not
>> > have
>> > Windows 2003 training but it looks pretty much like 2000 from what I
>> > can
>> > see.
>> > I've given enough time for propagation if thats what's needed.
>> >
>> > Any ideas why this might be failing.
>>
>>
>>
.
- Follow-Ups:
- Re: 2003 server file rights
- From: Mike Hyatt
- Re: 2003 server file rights
- References:
- Re: 2003 server file rights
- From: Cary Shultz [A.D. MVP]
- Re: 2003 server file rights
- Prev by Date: Re: Organizaional Unit Policy
- Next by Date: Re: Time Server for the domain
- Previous by thread: Re: 2003 server file rights
- Next by thread: Re: 2003 server file rights
- Index(es):
Relevant Pages
|
