Re: Problem with group security
From: Gary K (dabigfinndog_at_icqmail.com)
Date: 05/03/03
- Next message: Byron: "Map to share using certificate rather than login/password?"
- Previous message: Independent Thinker: "Re: Account lockout - Disconnected Terminal Server Session"
- In reply to: Brad Pears: "Problem with group security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 2 May 2003 15:42:34 -0700
On the bottom line of the log on window box there should be a drop down menu
that gives him the choice of logging onto the local computer or the domain.
He is choosing to log onto his local computer rather than the domain. When
he does that he doesn't have domain resources available to him.
A local account is not the same thing as a domain account. While both log
on names and passwords may be the same, the choice to log onto the local
computer or the domain determines resource availability. Choosing to log
onto his local computer does not send his name and password over the network
to the DC to authenticate him to the domain. It keeps that information
right there on the computer. It only authenticates him right there.
"Brad Pears" <bradpears@hotmail> wrote in message
news:016e01c310d6$e0b770f0$a301280a@phx.gbl...
> Thanks for the response. I tried that but it still didn't
> work. Then I got looking at it and saw that the user is
> logging into his XP nachine using the local account - not
> the domain account. The group contains membership for
> domain accounts only. SO, I bet if he logged onto his XP
> machine and specified the domain, he'd be all set.
>
> This baffles me though, in that I thought that if your
> local profile username and password were the same as the
> domain username and password, you would automatically be
> authenticated in the domain and therefore be able to gain
> access to domain resources??
>
> This doesn't seem to be happening. Is there something
> that needs to be setup on the XP machine to automatically
> have it log onto the domain as well?
>
> THanks,
>
> Brad
> >-----Original Message-----
> >try completely removing the everyone entry - it maybe
> >overriding the drafting group as all who access are in
> both
> >groups.
> >
> >
> >>-----Original Message-----
> >>I am having a problem with a very basic fundamental
> >>security issue on a Windows 2000 member server.
> >>
> >>We have a share that contains old drawings we want our
> >>drafting guys to be able to access from time to time.
> >>Originally I set up this share with 'Everyone' access
> >>for 'Read and Execute','List folder contents'
> and 'Read'.
> >>
> >>However, when the user actually tried to open one of
> >>these drawings using an application on their local PC,
> >>they got a ' File not found' error. As a quick fix, I
> >>gave 'Full Access' to the everyone group, and that
> solved
> >>the problem.
> >>
> >>I do not like granting 'full access' to everyone, so I
> >>created a special group called 'Drafting', made the
> >>particular users that need access to these files
> members
> >>of the group, and granted 'full access' to
> the 'drafting'
> >>group only. I then reset the 'everyone' permissions
> back
> >>to what they were in the first place and saved the
> >>changes. As soon as I had done this, the user in
> question
> >>came over to me and asked 'What have you done?? I can't
> >>open the files anymore!!'
> >>
> >>Hence the problem. Why would what I just did not work?
> It
> >>seems to me that this is pretty much as basic as it
> gets
> >>when it comes to file security.
> >>
> >>Any help would be greatly appreciated!
> >>
> >>Brad
> >>.
> >>
> >.
> >
- Next message: Byron: "Map to share using certificate rather than login/password?"
- Previous message: Independent Thinker: "Re: Account lockout - Disconnected Terminal Server Session"
- In reply to: Brad Pears: "Problem with group security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
