Re: Security Group Problem

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 06/12/04 

Date: Sat, 12 Jun 2004 07:18:53 -0700

The user must log off and back in after they have
been added to / removed from a group for those
changes to be effective. Apparently that account
was logged in before you defined the new group,
and so was using the token from before their group
memberships changed.

PS. the Win2000 series of NGs has not been removed. 

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Charlie B" <anonymous@discussions.microsoft.com> wrote in message
news:1b82701c45013$bd3d5310$a401280a@phx.gbl...
> This is a windows 2k server, that news group no longer
> exits so I am posting here
>
> I am trying to create a restricted network share
> directory.  I create a security group.  I have tried both
> domain local and global.  I add a user to the group.  I
> create a directory, share the directory and create a sub
> directory.  At this point the permissions include
> everyone and the user has access to the directory.  I
> deal at the subdirectory level to separate directory
> permission issues from share issues.  So at the sub
> directory I change the permissions to remove everyone.
> This requires removal of the inherited permissions check
> box.  I then add domain users to the directory
> permissions -- the user has access.  I remove domain
> users and add the user directly -- the user has access.
> I remove the user and add the group (which contains the
> user) and the user gets access is denied.  I add domain
> users to the local group and the user still gets access
> denied.
>
> In summary, I can add Domain Users, the user directly or
> everyone to the permissions and the user gets access.  If
> I add the group that contains either the user or even
> when it contains domain users access is denied.  So
> something seems to be wrong with the use of the group for
> access control
>
> Any help greatly appreciated
> Charlie Bisbee
>
>

Relevant Pages

  • Re: problem with logon on a windows 2000 or XP client machine
    ... Did you change any permissions on these computers either locally or via ... the local administrator group on the computer), I get my desktop and I ... When I add the domain users ... to the local administrators group and log in with a domain user ...
    (microsoft.public.win2000.security)
  • Re: Domain account iwth restricted rights
    ... Normally the "Authenticated Users" special group has the logon locally ... The Domain Users causes the "Logon Locally" right to be present ... So you need both different permissions and different rights perhaps. ... What is the best way to lock down these accounts? ...
    (microsoft.public.windows.server.active_directory)
  • Re: Domain account iwth restricted rights
    ... That was probably added to account for the change above. ... The Domain Users causes the "Logon Locally" right to be present ... So you need both different permissions and different rights perhaps. ...
    (microsoft.public.windows.server.active_directory)
  • Security Group Problem
    ... I am trying to create a restricted network share ... So at the sub ... directory I change the permissions to remove everyone. ... I then add domain users to the directory ...
    (microsoft.public.windows.server.active_directory)
  • Re: Operation must use an updateable query ..
    ... Jim are you giving the ASPNET acct the right permissions? ... >>> I have a single MS Access 2003 DB with a single table TMaster and Four ... >>> Public Sub EditRecord(ByVal Sender As Object, ... >>> Public Sub CancelRecord(ByVal Sender As Object, ...
    (microsoft.public.dotnet.framework.aspnet)