Re: how to add NT domain local group security on win2000
From: EL (lengzai_at_msn.com)
Date: 02/25/04
- Next message: Steven Liu: "Re: RADIUS"
- Previous message: Bob Qin [MSFT]: "RE: ADMT error when migrating computers"
- In reply to: Joe Wu [MSFT]: "Re: how to add NT domain local group security on win2000"
- Next in thread: Joe Wu [MSFT]: "Re: how to add NT domain local group security on win2000"
- Reply: Joe Wu [MSFT]: "Re: how to add NT domain local group security on win2000"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 25 Feb 2004 16:03:53 +0800
Thanks Joe.
Actually i will upgrade the NT Domain to win2000 AD as well after the NT
File Server upgrade to new machince.
My original plan is to upgrade the NT File Server first then NT Domain.
It will be too complicated to change all Local group to Global group. It was
because there are too many Local Groups and different local groups are
grouped into different Global Group.
I tried to directly upgrade the NT file server to win2000. It prompt to
upgrade the NT Domain first.
What will happen to the existing Local Group, if i upgrade the NT Domain
first?
I have only one Powerful PC. My goal is to combine the NT Domain (PDC) and
NT File Server to that new Power PC.
Any suggestion?
thanks
EL
"Joe Wu [MSFT]" <joewu@online.microsoft.com> wrote in message
news:2tKjC7p%23DHA.1472@cpmsftngxa06.phx.gbl...
> Hello EL,
>
> Thanks for your reply.
>
> To resolve this problem, we can create a new domain global group to
replace
> the current domain local group.
>
> I understand that the operation may be time consuming especially if there
> are a large number of shares. I think that you may replace the permission
> settings by using the SubInACL tool. For example, you can use the
following
> commands in a batch file:
>
> subinacl /share \\%COMPUTERNAME%\<YourShare>
> /replace=<YourDomain>\<YourLocalGroup>=<YourDomain>\<YourGrobalGroup>
>
> subinacl /subdirectories <YourNTFSFolder>
> /replace=<YourDomain>\<YourLocalGroup>=<YourDomain>\<YourGrobalGroup>
>
> You can download the SubInACL tool from the following web site:
>
> SubInACL
>
http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-
> 93cf-ed6985e3927b&displaylang=en
>
> For detailed information regarding the usage of this tool, please refer to
> the Windows 2000 Resource Kit Tools document or run the following command:
>
> SubInAcl /help /full
>
> Please test the commands first. If it work, you can then adjust the
> permissions on the old file server and then copy it to the new server.
>
> I hope this helps. Thanks!
>
> Regards,
> Joe Wu
> Product Support Services
> Microsoft Corporation
>
> Get Secure! - www.microsoft.com/security
>
> ====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ====================================================
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
> --------------------
> |From: "EL" <lengzai@msn.com>
> |References: <OkJX#bQ#DHA.452@TK2MSFTNGP11.phx.gbl>
> <Y5bIjce#DHA.740@cpmsftngxa06.phx.gbl>
> |Subject: Re: how to add NT domain local group security on win2000
> |Date: Tue, 24 Feb 2004 09:23:59 +0800
> |Lines: 89
> |X-Priority: 3
> |X-MSMail-Priority: Normal
> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
> |Message-ID: <ulCWnRn#DHA.2292@TK2MSFTNGP12.phx.gbl>
> |Newsgroups: microsoft.public.windows.server.migration
> |NNTP-Posting-Host: 203.194.169.101
> |Path:
>
cpmsftngxa06.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP08
> phx.gbl!TK2MSFTNGP12.phx.gbl
> |Xref: cpmsftngxa06.phx.gbl microsoft.public.windows.server.migration:8178
> |X-Tomcat-NG: microsoft.public.windows.server.migration
> |
> |Then what will be the correct procedures to upgrade a NT file server to a
> |new machince with 2000 server installed under NT DOMAIN environment and
> |retain all the access right (Domain Local Group etc.)
> |
> |thanks
> |EL
> |
> |"Joe Wu [MSFT]" <joewu@online.microsoft.com> wrote in message
> |news:Y5bIjce%23DHA.740@cpmsftngxa06.phx.gbl...
> |> Hello EL,
> |>
> |> Thank you for your post. My name is Joe Wu, and it is my pleasure to
work
> |> with you on this issue.
> |>
> |> In Windows NT domain, the domain local groups can only be used on
domain
> |> controllers. The problem has been explained in the following KB:
> |>
> |> 148639 Domain Local Groups Added By Clicking Search in File Manager
> |> http://support.microsoft.com/?id=148639
> |>
> |> To work around this issue, pelase add the users that you want to access
> |> resources to a global group on the domain, and add the appropriate
> |> permissions of the resource to the global group.
> |>
> |> I hope this helps. Thanks and have a great day!
> |>
> |> Regards,
> |> Joe Wu
> |> Product Support Services
> |> Microsoft Corporation
> |>
> |> Get Secure! - www.microsoft.com/security
> |>
> |> ====================================================
> |> When responding to posts, please "Reply to Group" via your newsreader
so
> |> that others may learn and benefit from your issue.
> |> ====================================================
> |> This posting is provided "AS IS" with no warranties, and confers no
> |rights.
> |>
> |> --------------------
> |> |From: "EL" <lengzai@msn.com>
> |> |Subject: how to add NT domain local group security on win2000
> |> |Date: Sun, 22 Feb 2004 13:48:28 +0800
> |> |Lines: 25
> |> |X-Priority: 3
> |> |X-MSMail-Priority: Normal
> |> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
> |> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
> |> |Message-ID: <OkJX#bQ#DHA.452@TK2MSFTNGP11.phx.gbl>
> |> |Newsgroups: microsoft.public.windows.server.migration
> |> |NNTP-Posting-Host: 203.194.169.101
> |> |Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
> |> |Xref: cpmsftngxa06.phx.gbl
> microsoft.public.windows.server.migration:8139
> |> |X-Tomcat-NG: microsoft.public.windows.server.migration
> |> |
> |> |There is a NT Domain(PDC) and a "NT FILE SERVER".
> |> |I upgrade the "NT FILE SERVER" to another powerful Machince with
WIN2000
> |OS
> |> |installed.
> |> |I use the "Scopy" to copy all the security right from the old "NT FILE
> |> |SERVER" to a new powerful machince "WIN2000 Stand alone server"
> |> |
> |> |I can successfully migrate all the security right to the new 2000
> server.
> |> |However after migrations all the users can't access the files on new
> file
> |> |server, access denied.
> |> |All the files security right are assigned using the NT Domain Local
> |Group.
> |> |I found that in Win2000, i can't assign the Domain Local Group
security
> |> |right to files.
> |> |I can only see the Domain Grobal Group and all Domain users.
> |> |
> |> |I think this is the problem why after successfuly migrate the security
> |> right
> |> |from old server to new server, all users don't have the access right
on
> |the
> |> |new server.
> |> |
> |> |Anyone can help? URGENT
> |> |
> |> |thanks
> |> |
> |> |EL
> |> |
> |> |
> |> |
> |>
> |
> |
> |
>
- Next message: Steven Liu: "Re: RADIUS"
- Previous message: Bob Qin [MSFT]: "RE: ADMT error when migrating computers"
- In reply to: Joe Wu [MSFT]: "Re: how to add NT domain local group security on win2000"
- Next in thread: Joe Wu [MSFT]: "Re: how to add NT domain local group security on win2000"
- Reply: Joe Wu [MSFT]: "Re: how to add NT domain local group security on win2000"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
