Re: Problems on DNS

From: Ace Fekay [MVP] (PleaseSubstituteMyActualFirstName&LastNameHere_at_hotmail.com)
Date: 10/22/04

Next message: Ace Fekay [MVP]: "Re: HELP/heterogenous/multiple domains/split dns"
Previous message: Ace Fekay [MVP]: "Re: I will post all my question on "Problems on DNS" from now."
In reply to: Jian, Wu: "Re: Problems on DNS"
Messages sorted by: [ date ] [ thread ]

Date: Thu, 21 Oct 2004 23:40:46 -0400

In news:OO6XwaotEHA.2956@TK2MSFTNGP12.phx.gbl,
Jian, Wu <jw6561@sohu.com> made a post then I commented below
> No. only 4015 errors
>

>From the other thread (reposted here to keep everyone up to date on the
progress):

>>Also, have you ever changed any permissions,
>> settings or anything else you
>> can think of (even as insignificant as it may seem)?
>>
>> Ace

> I just changed the default accessing rights for Driver C and Driver D from
> everyone to Adminstrators.
>

If you changed the default permissions to only ADministrators, then it will
cause major issues across the board, not just DNS. I've seen major issues
from administrators altering the volume permissions to just the Admin
accuont. If you are going to do that, if I may suggest, to also add
Authenticated Users Modify and System Full Control. Keep in mind, anything
you set at the volume root level will inherit downhill and will effect
everything. Many services use the System account, among other accounts, that
the "Everyone" account's default permissions cover, hence why I suggest to
add Authenticated Users Modify, System FC, etc.

It maybe easier to just add Authenticated Users Full Control, since this
will cover all possible accounts utilized, especially in the Windows or
Winnt folder. The difference between Everyone and Authenticated Users, is
Authenticated Users group does not include the IUSR, IWAM or the Guest
account, so you can be safe there.

Ace

Next message: Ace Fekay [MVP]: "Re: HELP/heterogenous/multiple domains/split dns"
Previous message: Ace Fekay [MVP]: "Re: I will post all my question on "Problems on DNS" from now."
In reply to: Jian, Wu: "Re: Problems on DNS"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

RE: Bypass Traverse Checking?
... Authenticated Users, because they are significantly different (different ... account without that SID in its token would not be able to access the ... you are affecting Anonymous Logon and the _builtin_ Guest ... account. ...
(Focus-Microsoft)
Re: RSOP Planning Security problem
... This would mean maintaining a separate account just for this purpose. ... thats correct, thats why you have accounts and permissions. ... I have also granted "Authenticated Users" permission for "RSOP Planning" and "RSOP Logging" on the OU which contains the workstation account. ...
(microsoft.public.scripting.vbscript)
RE: Bypass Traverse Checking?
... This article discusses the inclusion of Authenticated Users in the access ... token for an account that connects as a guest; ... won't have that token in the guest context is the built-in Guest account ... > looking at the SID of the account. ...
(Focus-Microsoft)
RE: ERROR?: Service Control Manager 3221229584
... This may be due to permissions on the DTC files. ... Administrators - Full Control ... Authenticated Users - Read & Execute, ...
(microsoft.public.windows.server.sbs)
Re: Setting Audit Permissions Differently for Each User
... Same as with any other account, via one of a few ways; ... Authenticated Users removed from Users (I routinely remove ... was member of Users (or Domain Users), or if you defined a group ... In order to effect control over what is allowed ...
(microsoft.public.windows.server.security)