Re: Group permissions
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Wed, 5 Apr 2006 23:41:35 -0700
Only administrators group members on the sharing-out machine
can access its administrative shares. You should define shares
with the share-level permissions set appropriately and with the
share-root restricted to only the needed. If you non-admin users
have a problem with such share access, tie them together for them
in a DFS struct
"Rob" <Rob@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DC7A0B08-4F90-46D3-8B40-8C9EFB4F82EB@xxxxxxxxxxxxxxxx
I figured out the Remote Desktop problem. Now I just need help on the
administrative share problem.
"Rob" wrote:
We have an IT department of 12 people. We don't want all of them to be
domain
admins, so we created a global security group so that they can remote
into
pc's and the like. Our DC's are currently running Windows 2000. We're
upgrading to 2003 in about a month.
We did delegation of control, created custom task to delegate, delegate
control of this folder (for the OU we selected), checked all 3 boxes for
showing permissions, granted full control. We also created a GPO to allow
logon through terminal services and allow logon locally. We applied the
GPO.
Here are 2 problems we're running into.
1. Members of new global security group cannot remote desktop in to any
machine.
2. Members of new group cannot browse to any administrative share.
Both of the above are critical to these members but for security reasons
we
don't want them to be domain admins.
Any ideas/suggestions?
.
- Prev by Date: Re: this SHOULD be simple... any ideas?
- Next by Date: Re: ADAM Schema Problem
- Previous by thread: Re: ADAM Schema Problem
- Next by thread: Re: Group permissions
- Index(es):
Relevant Pages
|
