Re: AD-Fu a bit rusty so a small sec question



"the same result" being that you could not use the domain local
on the share and/or NTFS permissions ?? or however it is that these
are reflected by that NAS vendor ??
In a W2k3 native domain I have no issues with using either on either.
I no longer have access to a W2k in mixed to check, but I do seem
to recall it being any different in mixed mode where the globals only
would be available since they are what NT4 would consider domain
groups.

--
Roger Abell
Microsoft MVP (Windows Server : Security)
MCDBA, MCSE W2k3+W2k+Nt4
"AlbertP" <Anatim@xxxxxxxxx> wrote in message
news:CAD425BB-8A54-4EC4-9D6D-C1A03A9DC18D@xxxxxxxxxxxxxxxx
> Let me explain further.
>
> The NAS is Unix based, and uses something called Sifs? to allow Windows
> based PCs to use the storage. It uses AD to authenticate permissions. Even
> though I can assign permission via Windows, I can't connect to it and admin
> it like a normal Windows member.
>
> As a side note, I also DID try this on a Windows member server and got the
> same results.
>
> "Roger Abell [MVP]" wrote:
>
>> If it is not a domain member then how can it utilize
>> any of the domain's groups ??
>>
>> --
>> Roger Abell
>> Microsoft MVP (Windows Server : Security)
>>
>> "AlbertP" <Anatim@xxxxxxxxx> wrote in message
>> news:423330ED-A013-4F32-880D-2C8E213574AE@xxxxxxxxxxxxxxxx
>> > The resource is on a NAS, not a Windows member server.
>> >
>> > Thanks
>> > AlbertP
>> >
>> > "Ho Chi Toh" wrote:
>> >
>> >> "AlbertP" <Anatim@xxxxxxxxx> wrote in
>> >> message:F12F3264-CFCA-4579-9B53-E6A02481B4E9@xxxxxxxxxxxxxxxx
>> >> >A little more info...
>> >> >
>> >> > I am running AD2000 in mixed mode, but according to MS info on
>> >> > nesting groups.
>> >> >
>> >> > "Groups with domain local scope can have as their members other
>> >> > groups with global scope and accounts." within a mixed 2000AD
>> >> >
>> >> > My problem is now assigning that domain local group to a resource.
>> >>
>> >> If your resource resides on a member server, you should use that
>> >> server's local group, not domain local group to assign permissions to a
>> >> resource.

