Re: AD-Fu a bit rusty so a small sec question

From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
Date: Thu, 15 Dec 2005 21:23:12 -0700

If it is not a domain member then how can it utilize
any of the domain's groups ??

--
Roger Abell
Microsoft MVP (Windows Server : Security)

"AlbertP" <Anatim@xxxxxxxxx> wrote in message
news:423330ED-A013-4F32-880D-2C8E213574AE@xxxxxxxxxxxxxxxx
> The resourse is on a NAS, not a window member server.
>
> Thanks
> AlbertP
>
> "Ho Chi Toh" wrote:
>
>> "AlbertP" <Anatim@xxxxxxxxx> kirjoitti
>> viestissä:F12F3264-CFCA-4579-9B53-E6A02481B4E9@xxxxxxxxxxxxxxxx
>> >A little more info...
>> >
>> > I am running AD2000 in mixed mode, but according to MS info on nesting
>> > groups.
>> >
>> > "Groups with domain local scope can have as their members other groups
>> > with
>> > global scope and accounts." within a mixed 2000AD
>> >
>> > My problem is now assigning that domain local group to a resource.
>>
>> If your resource resides on a member server, you should use that
>> server's
>> local group, not domain local group to assign permissions to a resource.
>> .
>>
>>
>>
>>

.

References:
- Re: AD-Fu a bit rusty so a small sec question
  - From: Ho Chi Toh

Prev by Date: Re: Delegate Authority
Next by Date: user permisions
Previous by thread: Re: AD-Fu a bit rusty so a small sec question
Next by thread: Re: AD-Fu a bit rusty so a small sec question
Index(es):
- Date
- Thread

Relevant Pages

RE: question on using migration tool and user groups
... member on the right, separated by a comma. ... In cases where the Domain Local Group had more than one Global Group as ... We installed ADMTv2 on the W2K3 member server holding the migrated data ... >>to the folder, I created a salesman group, gave it full rights to the ...
(microsoft.public.windows.server.migration)
Re: Users can access shares through mapped drives but not using unc
... Where is the 'resource' located - in the child ... Is the 'file server' on a Domain Controller or on a Member Server? ... Can you access the 'resources' when logged on as a member of the Domain ... Ping via IP Address? ...
(microsoft.public.win2000.active_directory)
SIDHistory and kerberos max token size
... kerberos max token size on the client had to be modified ... because each user is a member of almost 1000 groups. ... Some of sites this current domain services are remote where the resource ... server is also the domain controller. ...
(microsoft.public.windows.server.migration)
RE: Local groups migration
... local SAM database of the member server the users are denied access. ... In cases where the Domain Local Group had more than one Global Group as ... No domain migration ever occurred, no protar.mdb existed, it does not ...
(microsoft.public.windows.server.migration)
Re: question on using migration tool and user groups
... FSMT does not migrate the Domain Local Groups to the local SAM of member ... database of the member server the users are denied access. ... In cases where the Domain Local Group had more than one Global Group ... Proceed with the Translation. ...
(microsoft.public.windows.server.migration)