Re: Making C:\WINNT\Temp a share point

From: Bert Sierra (bsierra_at_nospam-cableone.net)
Date: 02/28/05

• Previous message: Megladon: "Re: Force users to use the same profile"
• In reply to: Steven L Umbach: "Re: Making C:\WINNT\Temp a share point"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 28 Feb 2005 10:23:16 -0700

In article <ORNnJ#7GFHA.3648@TK2MSFTNGP09.phx.gbl>,
 "Steven L Umbach" <n9rou@nospam-comcast.net> wrote:
> I am a bit confused as you first say that they must be domain users and then
> say they must be domain admins?? I assume you mean domain admins because
> being domain users should not be that big of a deal. Do they have share and
> ntfs permissions for this share?? Check to make sure that the permissions
> are in place in case a security template or such is changing permissions
> back to a defined level. Is this a domain controller or domain member
> server? -- Steve

Yes, that was a typo. I meant to say that our users must be Domain
Admins in order to be able to access \\TheServer\Temp.

I think I was able to resolve the problem. I had enabled Sharing and
set Sharing Permissions so Accounting users could read/write to Temp.
However, I didn't realize that in addition you needed to enable access
via the Security panel in Properties. I think that's what you might
mean by ntfs permissions. Once I did that, the Accounting group could
read/write to Temp without having to be Domain Admins. Now they're just
part of the Accounting and Domain Users groups, as it should be, and the
security hole should be largely patched up.

FYI -- The server in question was a computer joined to our domain, but
not a domain controller or domain backup controller. It is running
Terminal Services for use only by system administrators. [We're
primarily a Mac shop, so Terminal Services support is critical.]

----
Bert Sierra, IT Manager  +  (928) 778-0170 x130
Fann Contracting, Inc.  +  1403 Industrial Way  +  Prescott, AZ  86301

• Previous message: Megladon: "Re: Force users to use the same profile"
• In reply to: Steven L Umbach: "Re: Making C:\WINNT\Temp a share point"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Modifying permissions with XCACLS.vbs ... folder permissions but I'm not using the built-in security groups - I ... I also read the SIDs for domain admins and domain users ... (microsoft.public.security) Re: Security Group Problem ... So at the sub ... > directory I change the permissions to remove everyone. ... I then add domain users to the directory ... > Charlie Bisbee ... (microsoft.public.windows.server.active_directory) Re: problem with logon on a windows 2000 or XP client machine ... Did you change any permissions on these computers either locally or via ... the local administrator group on the computer), I get my desktop and I ... When I add the domain users ... to the local administrators group and log in with a domain user ... (microsoft.public.win2000.security) Re: Domain account iwth restricted rights ... Normally the "Authenticated Users" special group has the logon locally ... The Domain Users causes the "Logon Locally" right to be present ... So you need both different permissions and different rights perhaps. ... What is the best way to lock down these accounts? ... (microsoft.public.windows.server.active_directory) Re: Domain account iwth restricted rights ... That was probably added to account for the change above. ... The Domain Users causes the "Logon Locally" right to be present ... So you need both different permissions and different rights perhaps. ... (microsoft.public.windows.server.active_directory)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint