Re: [Win2003Server] Lost local accounts on domain controler

From: Math (mPOINTherr_at_renfeld.com)
Date: 10/17/05


Date: Mon, 17 Oct 2005 13:25:41 +0200


>I think that maybe you've got a basic lack of understanding of how
> permissions work in a Windows Server environment.
Yes, that is why I'm asking before acting and messing up

>simply type NETWORK SERVICE into the appropriate text
> box. When you click Check Names you'll see that it will resolve
> correctly.
I did try to do this, but didn't succeed: windows didn't find the user...
(i'm sure of the name syntax)
Notice that the only place available to search in is the domain.

>It might help if you
> describe what exactly you're trying to accomplish here
I'd like to permit an iis application on SERVERXX1 to access with write
permission a folder on SERVERXX2.
Considering that the user running my iis application is IUSR_SERVERXX1, i'd
like to permit this specific user to access the folder on SERVERXX2

Mathieu

"Paul Adare" <padare@newsguy.com> a écrit dans le message de news:
MPG.1dbd4759a42255fd989ec3@msnews.microsoft.com...
> In article <435375ef$0$8056$4d4eb98e@read.news.fr.uu.net>, in the
> microsoft.public.windows.server.security news group, Math
> <mPOINTherr@renfeld.com> says...
>
>> Thank you Steve for your explanation.
>>
>>
>>
>> However, on some folders the server's "NT AUTHORITY\NETWORK SERVICE" user
>> (for instance) is still present in the security tab, but not listed in
>> the
>> domain available users when searching the available users. Is it a
>> special
>> kind of users? If yes, how can I set this user in a folder security
>> configuration on the same server?
>
> You won't find this account when searching the domain as it is not a
> domain account, it is a builtin account. When adding to the DACL of a
> folder, even on a domain controller, if you want to use the NETWORK
> SERVICE account, simply type NETWORK SERVICE into the appropriate text
> box. When you click Check Names you'll see that it will resolve
> correctly.
>
>>
>> Maybe should I create this user for the whole Domain?
>
> No, this won't do any good.
>
>>
>>
>>
>> Another related question:
>>
>> I have another windows 2003 based server named MYSERVERXXX (for
>> instance),
>> who is part of the domain, but is not a domain controller.
>>
>> When modifying a folder's security configuration on another domain member
>> server, I can't find the IUSR_MYSERVERXXX user.
>
> That's because this account is a local account. It only scopes to the
> computer that IIS is installed on and can't be used anywhere else but on
> that server.
>
>>
>> Do I need to promote MYSERVERXXX to a domain controller in order to get
>> this
>> user on a other domain member server?
>
> I think that maybe you've got a basic lack of understanding of how
> permissions work in a Windows Server environment. It might help if you
> describe what exactly you're trying to accomplish here. Whatever that
> maybe, you're obviously not approaching it in the right way.
>
>
> --
> Paul Adare
> MVP - Windows - Virtual Machine
> http://www.identit.ca/blogs/paul/
> "The English language, complete with irony, satire, and sarcasm, has
> survived for centuries without smileys. Only the new crop of modern
> computer geeks finds it impossible to detect a joke that is not clearly
> labeled as such."
> Ray Shea



Relevant Pages

  • Re: Re-Post - "the trust relationship between this workstation and the
    ... "the trust relationship between this workstation and the primary domain ... only problem is adding a new user account on the station. ... Client computer must use STRICTLY the INTERNAL DNS server which can ... Attr: subschemaSubentry ...
    (microsoft.public.windows.server.active_directory)
  • Re: Same question, still no answer!!!
    ... Sounds then like we are all paying for a feature set only large companies ... The "proxy server" pc is actually an older box stuffed ... Expectation #1) keep the ethernet more or less as is. ... The kids account would be ...
    (microsoft.public.windowsxp.basics)
  • Re: Re-Post - "the trust relationship between this workstation and the
    ... "the trust relationship between this workstation and the primary domain ... only problem is adding a new user account on the station. ... This would be on the DNS server 172.20.100.2 ... Attr: subschemaSubentry ...
    (microsoft.public.windows.server.active_directory)
  • Sending email to mydomain.com
    ... server will appear as undeliverable. ... This happens because you are using the POP3 connector... ... an NDR when an account doesn't exist). ... >different from the user account names for the exchange ...
    (microsoft.public.windows.server.sbs)
  • RE: SOME Users cannot access OWA others do, error HTTP 500
    ... I understand that some account access OWA ... IIS 6.0 compression corruption causes access violations ... compressed copy of the affected files on the SBS server: ...
    (microsoft.public.windows.server.sbs)