Re: Local folder permissions and AD (2003)

GrannyKlump schrieb:
We are in the process of switching to AD and we are having some permission issues with a folder on the HD of the local workstation.

We installed this old VB 3.0 application on our XP pro work station and when a "regular" user logs in they can not use the application. The app throws a read error. I can login in as local admin and it works just fine, so it has to be a permissions issue. so i checked the security settings on this folder and it seems to have all the needed rights for the domain users group to access the folder. The application does need write access so i check those boxes as well. The application at that point will run but some parts of the application still dont function correctly but they do if i log in as admin.

I am torn as how to best handle this situation. Should i add the user to the local admin group of the work station? I'm not sure i dont want to do that since i would like to keep users from installing stuff and making changes.

Is there something i am missing with the folder permissions? Any ideas?

No! Dont make an normal user to a member of the local admin group.

1. Download the tools "filemon" and "regmon" from www.sysinternals.com
2. Logon as normal user on the workstation and start this two tools with runas
3. Trace the file and registry access and filter the output for "ACCESS DENIED"
4. On the Workstation you should use the "Security and Analysis" Tool to analyze and set the correct permissions on the Workstation. After the old program works well with user rights you can export the security settings in an security template(*.inf)
5. Place all workstations that need this settings in an ou and create an policy. In this policy you can import this security template and so all workstation use this settings.

--
Viele Grüße
Frank Röder
MVP Windows Server System - Directory Services
"Ex oriente lux"
.

Relevant Pages

  • Re: Security Exception when deploying a VB.NET 2003 Solution
    ... It runs fine on any workstation. ... folder 2 levels up from the BIN folder where the application resides. ... Microsoft .NET security errors upon trying to start the Executable. ... I bet the workstaion is WinXP and your app is trying to write data( ...
    (microsoft.public.vsnet.general)
  • RE: My Docs not redirecton on single workstation
    ... I understand that My Documents Redirection ... Properties, click the Target tab, click Move to change the folder ... If it is not the case, please try to log on to another workstation ... click to check the "Hide All Microsoft Services" ...
    (microsoft.public.windows.server.sbs)
  • Re: Network shares cannot connect
    ... Changed value to 0 just waiting to re-boot the server and test logins. ... Workstation Name: - ... let's focus on the Users Shared Folder first. ... To check this permission, please click the Advanced button, select ...
    (microsoft.public.windows.server.sbs)
  • Re: Network shares cannot connect
    ... Changed value to 0 just waiting to re-boot the server and test logins. ... Workstation Name: - ... let's focus on the Users Shared Folder first. ... To check this permission, please click the Advanced button, select ...
    (microsoft.public.windows.server.sbs)
  • Re: Torgeir Bakken
    ... > are members of its just mapping by groups that COMPUTERS are members of. ... permit a resource to it and add a workstation to it. ... files you are to update are in the unit seven folder". ...
    (microsoft.public.windows.server.scripting)
Loading