Best way to assign NTFS permission in order to migrate to AD on W2K3

From: Dave Bowman (dbwmn2001_at_yahoo.com)
Date: 03/11/04

Next message: Paul Spaulding: "Local Profile Question"
Previous message: James Preoly: "Simple passwords and Trusts"
Next in thread: Bob Qin [MSFT]: "RE: Best way to assign NTFS permission in order to migrate to AD on W2K3"
Reply: Bob Qin [MSFT]: "RE: Best way to assign NTFS permission in order to migrate to AD on W2K3"
Messages sorted by: [ date ] [ thread ]

Date: 11 Mar 2004 07:14:43 -0800

I have an NT4 domain: the main file server is a W2K member server and
most of its permissions are assigned to groups like Domain Users. This
builtin group cannot be migrated to 2003 using ADMT, so, since I also
need to optimize the permissions on many folders (sometimes it's a
global group, sometimes it's a bunch of user names) I want to change
the permissions assigning groups to folders, before migrating.
The idea was the classic group named Folder_Write or Folder_Read with
permissions to the folder.
But here's the problem:
If I use a Global Group (GG) then I cannot include other GGs (that is
UserA, UserB and Global Group IT Managers)
If I use a Machine Local Group (MLG)I solve this problem, the
migration is probably easier, but I could run into troubles if I have
to move the files to a different file server in the future.
I read that MS suggests to create global groups, insert them into
Domain Local Groups and then migrate using a SID Mapping File, but
this sounds strange to me because
1) I'd have UserA and UserB in group Folder_Write (Global) inserted in
another G_Folder_Write (DLG).. Too many groups, sounds confusing
2) I cannot assign permissions to a DLG to a member server in a NT4
Domain

Anybody can suggest me if I'm missing the point?
Which is the best way to assign pemissions to a folder on a member
server?

Thanks for your help

Next message: Paul Spaulding: "Local Profile Question"
Previous message: James Preoly: "Simple passwords and Trusts"
Next in thread: Bob Qin [MSFT]: "RE: Best way to assign NTFS permission in order to migrate to AD on W2K3"
Reply: Bob Qin [MSFT]: "RE: Best way to assign NTFS permission in order to migrate to AD on W2K3"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: finding folders with "write" permission
... If you prefer to copy the NTFS and Share permissions to the new server, ... Copy all the data from the old file server to target file server. ...
(microsoft.public.windows.server.migration)
RE: NT4 File Server to 2000
... you can use Robocopy to copy the files to the SMS server. ... > We can migrate the shares' NTFS permissions and share permissions ... For NTFS permissions, we can use the Windows 2000 Resource Kit ... Copy all the data from the old file server to target file server. ...
(microsoft.public.windows.server.migration)
Re: DFS/AD Migration
... Its best practice for the permissions to be assign to local groups on the file server box and then put domain groups in these. ... When the DFS teams move the folders/files to DFS the ...
(microsoft.public.windows.server.active_directory)
RE: FSMT on a BDC
... shares and permissions on a "BDC" based on Windows NT 4.0 to Windows Server ... The File Server Migration Toolkit helps you copy files and folders from ...
(microsoft.public.windows.server.migration)
Re: Security - Global group
... Isn't it a security flaw that even though the Server A is removed from the ... global group, still it is not recognized by Server B? ... >>I created a global security group and added machine A into the group. ... >> thinks machine A is still in the global group and give permissions to ...
(microsoft.public.win2000.security)