Re: unable to access non-trusted resource by default - why?
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 25 Jan 2007 19:56:44 -0600
You can only use the C$ as an administrator. If the user is trying to access
the other path as a regular user he probably does not have enough rights for
the application, which is bad news if it is on a domain controller. I suggest
you try regmon from Microsoft to see if you can determine what registry keys
the user is being denied access to and then tweak registry permissions to
give that user or users needed access. Log on as a regular user and then
start regmon using runas with admin credentials and the log should show what
registry key is causing the problem when you look for deny or failed entries
in the log. You might also try contacting the publisher of the application
about the error you are getting to see if they can advise you OTHER than
making the user an administrator.
Steve
http://www.microsoft.com/technet/sysinternals/utilities/Regmon.mspx ---
Regmon's filter option can help you track pertinent events.
"seeker01" <seeker01@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4AD73C73-8BF7-499D-9996-8197EABF6953@xxxxxxxxxxxxxxxx
Steve,
Thanks for your good feedback. The environment is small, so the current DC
is also the application server. I mapped to \\domain\app as \\domain\user
logon successfully but got this error when clicking the application
"vision startup wrapper - V utilities Build 7 - could not create registry
tree: computer :192.x.x.x \software\varian\os\systems\varis\71" But this
error will go away once I mapped to \\192.x.x.x\c$. Checked the share
permission is "Everyone full control" & NTFS permission is "user with read,
write & delete permission". Hope you know why. Thanks.
"Steven L Umbach" wrote:
Sharing the C or any drive of a domain controller is a very bad idea,
particularly when giving a user domain administrator access. It is best if a
domain controller not do any function other than being a domain controller.
If that is not possible for some reason then share only the folder that a
user needs access to and then give the user needed access to the shared
folder as a regular domain user and not a domain administrator. If the user
is trying to access from a non-trusted domain the user possibly still can
access if the user uses credentials [user account/password] of a user
account in the domain that access is needed in, though the user may need to
specify user name as domain\user.
Steve
"seeker01" <seeker01@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:499B84F8-110F-4A79-A19E-85D7DAAFECBA@xxxxxxxxxxxxxxxx
Hi there,
How I enable a Windows XP Professional user to access a network application
from a non-trusted Windows 2000 domain controller is bad, so need to fix it
ASAP. XP user (from VLAN 1) is a member of a NT4 domain (from VLAN2). For it
to work today, first I added W2K application server name (from VLAN3) to
host and lmhost.sam files. Then I do map network drive to the Windows 2000
domain controller C:\ root drive using the server IP address and domain
administrator password. The network access of both VLAN 1 & VLAN 3 are fully
opened; VLAN1 & VLAN2 are fully opened; no access between VLAN2 & VLAN3. Is
there a seamless solution without exposing the root administrator password?