Re: SIDs showing but domain names not - Help!!



I doubt that alone screws up the access. The SID is what is really
used to control access, the friendly name is for human consumption.
Adding a new grant and having it show up as a SID would in itself
not change any of the other grants (or denies), and it would be put
into effect once applied. If everyone else can go through the LAN
and add new things now I would tend to believe that they could do
that before also, or that more was done than just add the one account
that ended up showing as a SID.

Is this a single domain environment?
Is the NetBIOS Tcp/Ip helper running on the machine where you
see this?

The sce event 1000 is not good.
Search in the KB with source and eventid as there are many
causes with different result codes.

Try running netdiag and dcdiag on each DC. If those are clean then
try running netdiag on the machine where friendly names are not
being shown (it is configured to ONLY use DNS servers on the
DCs, right?).



"GaryB" <GaryB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A4FDE3C5-682E-499F-B39B-544104BD0D4A@xxxxxxxxxxxxxxxx
Hi,
I have today gone to add access to a 2000 member server C drive and after
selecting the Domain, I select a user. When I hit apply it changes the
name
to a SID and completetly screws the access to the drives. Foir example I
added myself with full access to the servers local C Drive. It instantly
turned into a SID number so instead of mydomain\myuser it changes to
\S-1-5-7
*************** after hiting apply. I can then browse thru LAN to create
files on this server but so can everyone else in the domain!

This is fairly urgent as this is sql server & I fear permissions may be
causing us security nightmares..

I have the checked the 2003 AD & DNS server and all appears ok but I do
have
event logs that may not be relevant as follows:

Event ID 1000
Windows cannot access the file gpt.ini for GPO The file must be present
at
the location <>. (). Group Policy processing aborted.

Any help appreciated!

G




.



Relevant Pages

  • Re: Slow Domain
    ... AD is the same name the Domain SID is different, ... the old server to the new one. ... manage a small network with 5 workstaions, ... have a simple logon script batch file for the 5 users to map drives ...
    (microsoft.public.windows.server.sbs)
  • =?Utf-8?Q?Re:_Nach_Neuinstallation_k=C3=B6nnen_?= =?Utf-8?Q?verkn=C3=BCpfte_Kontakte_nicht_g
    ... Windows-Umgebung hat also auch immer eine eindeutige SID und wird dadurch ... Wenn nun auf dem Server sich ... einer alten SID mit Berechtigungen versehen wurde, ... "Sie haben wahrscheinlich versucht, den Kalender eines Benutzers ...
    (microsoft.public.de.outlook)
  • Re: Two different domains with same name - Problems?
    ... and yes, at this level (SID) the domains are distinct, however TTBOMK domain discovery happens by name so the 'foreign' PCs will _attempt_ to log onto the domain, causing more grief than I can imagine. ... Initial connections from Fred are parsed to get the domain/user SIDs and fail to match so fallback to PTA, at this time Fred@Domain1 will cause Fred@Domain2's account to be locked out due to auth failure. ... Windows Small Business Server 2008 Unleashed ...
    (microsoft.public.windows.server.sbs)
  • Re: ASP.NET User.Identity.Name value after a domain username chang
    ... Can you point me to any resources I can use about getting the SID of the ... WebRequest user without using the username as the base of a lookup (since I ... access a website on the server. ... I have a very confusing issue when the domain login of a user is changed ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Sid/Unstable
    ... Debian as a home server which handles a website, e-mail server, samba ... sid is great for this. ... backup backup backup and be sure to remember to take good backups. ... if by "boot up" you mean "I can scrape together a way to get the ...
    (Debian-User)