Re: Changing Global Group to Domain Local Group.
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 01/10/05
- Next message: Steven L Umbach: "Re: Deny rights question"
- Previous message: Steven L Umbach: "Re: Any Way to Run Windows 2000 From Read-Only CD?"
- In reply to:
: "Re: Changing Global Group to Domain Local Group." - Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 10 Jan 2005 12:57:47 -0600
This is the way the Cert Publishers group is configured in Windows 2000 and
can not be changed. They did change it in Windows 2003. Normally, as your
refer to, you can change group scope in a native mode domain. --- Steve
"<Shiny Bob>" <parris@newsguy,com> wrote in message
news:crtdtg0105l@news3.newsguy.com...
> one other question - Is the group empty ? If you have nested groups then
> you often can't due to the AGDLP rule.
>
> Mark
> "Rob McShinsky" <List@mcshinsky.com> wrote in message
> news:eTTibvM9EHA.3320@TK2MSFTNGP10.phx.gbl...
>> Sorry for the lack of detail. Unable to change to any group type. All
>> options are greyed.
>>
>>
>> "Shiny Bob" <parris@newsguy.com> wrote in message
>> news:crlrpm02f4s@news3.newsguy.com...
>>> he cannot change it from global to local - no mention of universal .
>>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>>> news:e0DvyvG9EHA.2700@TK2MSFTNGP14.phx.gbl...
>>>> Except that he indicated he can not change it from global group. ---
>>>> Steve
>>>>
>>>>
>>>> "<Shiny Bob>" <parris@newsguy,com> wrote in message
>>>> news:crkl8102dfm@news3.newsguy.com...
>>>>> change it to universal come out of group
>>>>> go back into group and change it to a DL Group.
>>>>>
>>>>> Mark
>>>>>
>>>>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>>>>> news:OroWX1E9EHA.2600@TK2MSFTNGP09.phx.gbl...
>>>>>>I have never had to deal with that but see if the info in the link
>>>>>>below is helpful. --- Steve
>>>>>>
>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;281271
>>>>>>
>>>>>> "Rob McShinsky" <List@mcshinsky.com> wrote in message
>>>>>> news:uJbU7s$8EHA.1228@tk2msftngp13.phx.gbl...
>>>>>>> In my Windows 2000 domain (native mode), that is almost completly
>>>>>>> upgraded to Windows 2003 I want to change my Cert Publishers group
>>>>>>> from a Global Group to a Domain Local Group. If you install 2003
>>>>>>> from scratch and make it a domain controller this group is a Domain
>>>>>>> Local Group even if you are in Windows 2000 native mode. Currently
>>>>>>> the ability to switch this group is greyed out.
>>>>>>>
>>>>>>> The reasoning behind this is we are building a 2-tiered Certificate
>>>>>>> Authority structure with the Issuing Certificate Authority in the
>>>>>>> Root domain. All users and computer objects are in the child
>>>>>>> domain. So unless I can put the CA computer object that is in the
>>>>>>> root domain in the Child domain Cert Publishers group, the
>>>>>>> certificates issued to users in the child domain do not work. If
>>>>>>> the Cert publishers group is a Domain Local group I can easily see
>>>>>>> the CA server in the Root Domain and can add it correctly.
>>>>>>>
>>>>>>> Does anyone have any experience with 2-tiered CA's within a 2-tiered
>>>>>>> forest?
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> Rob McShinsky
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
- Next message: Steven L Umbach: "Re: Deny rights question"
- Previous message: Steven L Umbach: "Re: Any Way to Run Windows 2000 From Read-Only CD?"
- In reply to:
: "Re: Changing Global Group to Domain Local Group." - Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
