Re: Wrong NTFS-Permissions after dcpromo

---

• From: "Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx>
• Date: Thu, 1 Nov 2007 07:14:21 -0500

---

This sid is for the Power Users group -
http://support.microsoft.com/kb/243330

Couldn't tell you how you did this, but I would be concerned about this
machine if you are having some type of issues but you really don't want to
use the old deprecated groups anyway (Server Operators, Power Users,
etc...). Unless you are expericiencing some type of issues you may just
want to tread lightly.

What exactly are you having troubles with?

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"anonymous" <u-know-me@xxxxxxx> wrote in message
news:1193908591.062419.89660@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hello group,


I just remarked that on my DC the NTFS-permissions of the default
Windows-folders (e.g. C:\WINDOWS, C:\Program Files, etc.) do not
contain the group "server-operators" but instead they contain the SID
"S-1-5-32-547".

Probably this happened some time ago when I used DCPROMO to upgrade
the server to the first DC in the forrest. Now, unfortunately there
are to many implementations on this machine to just downgrade the
server and run dcpromo again.

I am not confident in just applying the security-template "DC
Security.inf" again because some technet article states that
permissions for recently added files, registry-keys and systemservices
wil be overwritten.

I am furthermore aware that the tool subinacl can for example
substitute old SIDs with new ones
Could this be a posibility in that case?
Or to say in in other words: is dcpromo - when it runns correctly -
exactly substituting the SID of the power users group
( "S-1-5-32-547" ) with the one of the server operators group in ech
subfolder everywhere in der filesystem?


Any help would be appreciated,
Sincerely
Marco

.

---

• Follow-Ups:
  • Re: Wrong NTFS-Permissions after dcpromo
    • From: anonymous

• References:
  • Wrong NTFS-Permissions after dcpromo
    • From: anonymous

• Prev by Date: RE: Administrering AD + File Server without Administrators Access
• Next by Date: Re: 32 Bit AD to 64 Bit AD
• Previous by thread: Wrong NTFS-Permissions after dcpromo
• Next by thread: Re: Wrong NTFS-Permissions after dcpromo
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: All users printers showing up on terminal server ... This is not the case for you since your application will run okay with Power Users membership. ... A member of the Power Users group may be able to gain administrator rights and permissions in Windows Server 2003, Windows 2000, or Windows XP ... When the users log onto TS all the redirected printers are show on the ... (microsoft.public.windows.terminal_services) Re: Power Users on XP machines ... I am not too familiar with GPOs yet but I have looked at them a bit. ... do this solely on the 2003 server or on the XP machine? ... > into the local power users group on your XP workstations. ... (microsoft.public.win2000.general) Re: 2003 Security, How do you add power users (No Built-in) ... Power Users doesn't exist on Server versions. ... >>>the power users group on all the local machines, ... (microsoft.public.win2000.security) Re: How to create Power User on Windows 2003? ... You should see built-in Power Users Group. ... Is this server a domain controller? ... (microsoft.public.windows.server.general) Re: How to create Power User on Windows 2003? ... You should see built-in Power Users Group. ... Is this server a domain controller? ... (microsoft.public.windows.server.setup)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2007-11