Security Group Problem

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Charlie B (anonymous_at_discussions.microsoft.com)
Date: 06/12/04

• Next message: ronc: "Re: Multiple accounts"
• Previous message: art: "Problem with AD and DNS for 2003"
• Next in thread: Roger Abell: "Re: Security Group Problem"
• Reply: Roger Abell: "Re: Security Group Problem"
• Reply: Joe Richards [MVP]: "Re: Security Group Problem"
• Messages sorted by: [ date ] [ thread ]

---

Date: Fri, 11 Jun 2004 17:25:18 -0700

This is a windows 2k server, that news group no longer
exits so I am posting here

I am trying to create a restricted network share
directory. I create a security group. I have tried both
domain local and global. I add a user to the group. I
create a directory, share the directory and create a sub
directory. At this point the permissions include
everyone and the user has access to the directory. I
deal at the subdirectory level to separate directory
permission issues from share issues. So at the sub
directory I change the permissions to remove everyone.
This requires removal of the inherited permissions check
box. I then add domain users to the directory
permissions -- the user has access. I remove domain
users and add the user directly -- the user has access.
I remove the user and add the group (which contains the
user) and the user gets access is denied. I add domain
users to the local group and the user still gets access
denied.

In summary, I can add Domain Users, the user directly or
everyone to the permissions and the user gets access. If
I add the group that contains either the user or even
when it contains domain users access is denied. So
something seems to be wrong with the use of the group for
access control

Any help greatly appreciated
Charlie Bisbee

---

• Next message: ronc: "Re: Multiple accounts"
• Previous message: art: "Problem with AD and DNS for 2003"
• Next in thread: Roger Abell: "Re: Security Group Problem"
• Reply: Roger Abell: "Re: Security Group Problem"
• Reply: Joe Richards [MVP]: "Re: Security Group Problem"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Security Group Problem ... So at the sub ... > directory I change the permissions to remove everyone. ... I then add domain users to the directory ... > Charlie Bisbee ... (microsoft.public.windows.server.active_directory) Re: local users and groups ... following error message occurs; "access to the \\servername has been ... group on the AD and the domain users group is in the users group of the ... If you look at the actual folder that is shared on server3, right click the folder name, choose properties, then choose Sharing tab. ... What groups/users do you see in there, and what are their share permissions? ... (microsoft.public.windows.server.active_directory) Re: problem with logon on a windows 2000 or XP client machine ... Did you change any permissions on these computers either locally or via ... the local administrator group on the computer), I get my desktop and I ... When I add the domain users ... to the local administrators group and log in with a domain user ... (microsoft.public.win2000.security) Re: Domain account iwth restricted rights ... That was probably added to account for the change above. ... The Domain Users causes the "Logon Locally" right to be present ... So you need both different permissions and different rights perhaps. ... (microsoft.public.windows.server.active_directory) Re: Domain account iwth restricted rights ... Normally the "Authenticated Users" special group has the logon locally ... The Domain Users causes the "Logon Locally" right to be present ... So you need both different permissions and different rights perhaps. ... What is the best way to lock down these accounts? ... (microsoft.public.windows.server.active_directory)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2004-06