Re: how to add NT domain local group security on win2000
From: Joe Wu [MSFT] (joewu_at_online.microsoft.com)
Date: 02/25/04
- Next message: Richard Blears: "Re: NT4 Windows 2000 and complete native mode mixup"
- Previous message: Josh: "Impersonation Level Errors"
- In reply to: EL: "Re: how to add NT domain local group security on win2000"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 25 Feb 2004 16:09:27 GMT
Hello EL,
Thank you for your reply. This problem will not exist after you upgrade the
domain to Windows 2000 AD-based domain and promote the domain level to
Native mode. (However, the problem should still persists in Windows Mix
mode domain.)
This will be an efficient solution if there are a larger number of domain
local groups.
I hope this information helps. Thanks and have a great day!
Regards,
Joe Wu
Product Support Services
Microsoft Corporation
Get Secure! - www.microsoft.com/security
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
|From: "EL" <lengzai@msn.com>
|References: <OkJX#bQ#DHA.452@TK2MSFTNGP11.phx.gbl>
<Y5bIjce#DHA.740@cpmsftngxa06.phx.gbl>
<ulCWnRn#DHA.2292@TK2MSFTNGP12.phx.gbl>
<2tKjC7p#DHA.1472@cpmsftngxa06.phx.gbl>
|Subject: Re: how to add NT domain local group security on win2000
|Date: Wed, 25 Feb 2004 16:03:53 +0800
|Lines: 202
|X-Priority: 3
|X-MSMail-Priority: Normal
|X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|Message-ID: <OJqGoV3#DHA.712@tk2msftngp13.phx.gbl>
|Newsgroups: microsoft.public.windows.server.migration
|NNTP-Posting-Host: 203.194.169.101
|Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
|Xref: cpmsftngxa06.phx.gbl microsoft.public.windows.server.migration:8231
|X-Tomcat-NG: microsoft.public.windows.server.migration
|
|Thanks Joe.
|
|Actually i will upgrade the NT Domain to win2000 AD as well after the NT
|File Server upgrade to new machince.
|
|My original plan is to upgrade the NT File Server first then NT Domain.
|It will be too complicated to change all Local group to Global group. It
was
|because there are too many Local Groups and different local groups are
|grouped into different Global Group.
|
|I tried to directly upgrade the NT file server to win2000. It prompt to
|upgrade the NT Domain first.
|What will happen to the existing Local Group, if i upgrade the NT Domain
|first?
|
|I have only one Powerful PC. My goal is to combine the NT Domain (PDC) and
|NT File Server to that new Power PC.
|
|Any suggestion?
|
|thanks
|
|EL
|
|
|
|"Joe Wu [MSFT]" <joewu@online.microsoft.com> wrote in message
|news:2tKjC7p%23DHA.1472@cpmsftngxa06.phx.gbl...
|> Hello EL,
|>
|> Thanks for your reply.
|>
|> To resolve this problem, we can create a new domain global group to
|replace
|> the current domain local group.
|>
|> I understand that the operation may be time consuming especially if there
|> are a large number of shares. I think that you may replace the permission
|> settings by using the SubInACL tool. For example, you can use the
|following
|> commands in a batch file:
|>
|> subinacl /share \\%COMPUTERNAME%\<YourShare>
|> /replace=<YourDomain>\<YourLocalGroup>=<YourDomain>\<YourGrobalGroup>
|>
|> subinacl /subdirectories <YourNTFSFolder>
|> /replace=<YourDomain>\<YourLocalGroup>=<YourDomain>\<YourGrobalGroup>
|>
|> You can download the SubInACL tool from the following web site:
|>
|> SubInACL
|>
|http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91
-
|> 93cf-ed6985e3927b&displaylang=en
|>
|> For detailed information regarding the usage of this tool, please refer
to
|> the Windows 2000 Resource Kit Tools document or run the following
command:
|>
|> SubInAcl /help /full
|>
|> Please test the commands first. If it work, you can then adjust the
|> permissions on the old file server and then copy it to the new server.
|>
|> I hope this helps. Thanks!
|>
|> Regards,
|> Joe Wu
|> Product Support Services
|> Microsoft Corporation
|>
|> Get Secure! - www.microsoft.com/security
|>
|> ====================================================
|> When responding to posts, please "Reply to Group" via your newsreader so
|> that others may learn and benefit from your issue.
|> ====================================================
|> This posting is provided "AS IS" with no warranties, and confers no
|rights.
|>
|> --------------------
|> |From: "EL" <lengzai@msn.com>
|> |References: <OkJX#bQ#DHA.452@TK2MSFTNGP11.phx.gbl>
|> <Y5bIjce#DHA.740@cpmsftngxa06.phx.gbl>
|> |Subject: Re: how to add NT domain local group security on win2000
|> |Date: Tue, 24 Feb 2004 09:23:59 +0800
|> |Lines: 89
|> |X-Priority: 3
|> |X-MSMail-Priority: Normal
|> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |Message-ID: <ulCWnRn#DHA.2292@TK2MSFTNGP12.phx.gbl>
|> |Newsgroups: microsoft.public.windows.server.migration
|> |NNTP-Posting-Host: 203.194.169.101
|> |Path:
|>
|cpmsftngxa06.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP0
8
|> phx.gbl!TK2MSFTNGP12.phx.gbl
|> |Xref: cpmsftngxa06.phx.gbl
microsoft.public.windows.server.migration:8178
|> |X-Tomcat-NG: microsoft.public.windows.server.migration
|> |
|> |Then what will be the correct procedures to upgrade a NT file server to
a
|> |new machince with 2000 server installed under NT DOMAIN environment and
|> |retain all the access right (Domain Local Group etc.)
|> |
|> |thanks
|> |EL
|> |
|> |"Joe Wu [MSFT]" <joewu@online.microsoft.com> wrote in message
|> |news:Y5bIjce%23DHA.740@cpmsftngxa06.phx.gbl...
|> |> Hello EL,
|> |>
|> |> Thank you for your post. My name is Joe Wu, and it is my pleasure to
|work
|> |> with you on this issue.
|> |>
|> |> In Windows NT domain, the domain local groups can only be used on
|domain
|> |> controllers. The problem has been explained in the following KB:
|> |>
|> |> 148639 Domain Local Groups Added By Clicking Search in File Manager
|> |> http://support.microsoft.com/?id=148639
|> |>
|> |> To work around this issue, pelase add the users that you want to
access
|> |> resources to a global group on the domain, and add the appropriate
|> |> permissions of the resource to the global group.
|> |>
|> |> I hope this helps. Thanks and have a great day!
|> |>
|> |> Regards,
|> |> Joe Wu
|> |> Product Support Services
|> |> Microsoft Corporation
|> |>
|> |> Get Secure! - www.microsoft.com/security
|> |>
|> |> ====================================================
|> |> When responding to posts, please "Reply to Group" via your newsreader
|so
|> |> that others may learn and benefit from your issue.
|> |> ====================================================
|> |> This posting is provided "AS IS" with no warranties, and confers no
|> |rights.
|> |>
|> |> --------------------
|> |> |From: "EL" <lengzai@msn.com>
|> |> |Subject: how to add NT domain local group security on win2000
|> |> |Date: Sun, 22 Feb 2004 13:48:28 +0800
|> |> |Lines: 25
|> |> |X-Priority: 3
|> |> |X-MSMail-Priority: Normal
|> |> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |> |Message-ID: <OkJX#bQ#DHA.452@TK2MSFTNGP11.phx.gbl>
|> |> |Newsgroups: microsoft.public.windows.server.migration
|> |> |NNTP-Posting-Host: 203.194.169.101
|> |> |Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
|> |> |Xref: cpmsftngxa06.phx.gbl
|> microsoft.public.windows.server.migration:8139
|> |> |X-Tomcat-NG: microsoft.public.windows.server.migration
|> |> |
|> |> |There is a NT Domain(PDC) and a "NT FILE SERVER".
|> |> |I upgrade the "NT FILE SERVER" to another powerful Machince with
|WIN2000
|> |OS
|> |> |installed.
|> |> |I use the "Scopy" to copy all the security right from the old "NT
FILE
|> |> |SERVER" to a new powerful machince "WIN2000 Stand alone server"
|> |> |
|> |> |I can successfully migrate all the security right to the new 2000
|> server.
|> |> |However after migrations all the users can't access the files on new
|> file
|> |> |server, access denied.
|> |> |All the files security right are assigned using the NT Domain Local
|> |Group.
|> |> |I found that in Win2000, i can't assign the Domain Local Group
|security
|> |> |right to files.
|> |> |I can only see the Domain Grobal Group and all Domain users.
|> |> |
|> |> |I think this is the problem why after successfuly migrate the
security
|> |> right
|> |> |from old server to new server, all users don't have the access right
|on
|> |the
|> |> |new server.
|> |> |
|> |> |Anyone can help? URGENT
|> |> |
|> |> |thanks
|> |> |
|> |> |EL
|> |> |
|> |> |
|> |> |
|> |>
|> |
|> |
|> |
|>
|
|
|
- Next message: Richard Blears: "Re: NT4 Windows 2000 and complete native mode mixup"
- Previous message: Josh: "Impersonation Level Errors"
- In reply to: EL: "Re: how to add NT domain local group security on win2000"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
