No announcement yet.

domain users and group help!!

  • Filter
  • Time
  • Show
Clear All
new posts

  • domain users and group help!!

    Please let me know if this seems to be the right way to go about this as we are having huge trouble with permissions in our domain.

    We are running a Win 2003 server domain controller with 5 member servers - 1 email, 1 web and 3 file storage, we have around 40 client computers - all the clients were previously connected to our old domain controller.

    We re created the accounts on the new DC and began to add them to groups and i think thats where we got all screwed up.......

    Our client machines are a mixture of win xp and mac osx running admit mac 1.1.1

    All machines can be seen on the domain network and can connect to the internet , however opening files on all member servers and other user machines causes either read only permissions, or the machine cannot see anything... so we are sure that its a group permission thing.
    Each machine needs to be able to access and retrieve and modify files on the member file servers.

    We are about to try again tommmorow by scrapping all the groups that we previously made....

    can someone verify if the following seems to be the way to go....
    Lets assume We have created 40 user accounts within our domain.

    Create a Global group called Accounts
    Add all accounts users to it as members of that group.

    Create a Global group called Scheduling
    add all Scheduling users to it as members of that group.

    create a Local group called Business
    Add the Global accounts and Global Scheduling groups to it as members of that group?

    then Define access rights to the local group business.
    (how exactly is this done?)
    (will this will then affect all users within acccounts and scheduling?)is this done on the active directory domain controller or does it have to be done on all the member servers as well>?

    Now the 2nd part -

    lets say member File server "Zeus" has a D: Drive
    with many folders and subfolders within containg word and excel docs.

    How do i go about letting all members of business access to it?
    What happens if i wanted just members of Global Admins to have access to it?
    finnally lets say i want to share a E: Drive on one of the users computers, how would i go about letting the Local Group Business have access to it?

    thankyou for your time in helping

  • #2
    Re: domain users and group help!!


    First of all, you seem to lack some basic concepts in NTFS and how exactly it works...

    i suggest you go ahead and read the next article...

    this should clear ip a few things for you and hopefully will help you with your problems.

    the option you suggested was correct for Windows NT, today we use Domain local groups, but basicly the idea is still the same and correct.

    regarding your D: drive, it is possible but not recommanded to share an entire volume. the recommanded option is to put all files and folder you wish to share in a dedicated folder on the specified volume and share that folder only.
    Yaniv Feldman
    Microsoft Security Regional Director
    Microsoft Management Expert


    • #3
      Re: domain users and group help!!

      Lets break down you question into different section. Do begin with you main issue.
      Is the permission problem only happening to MAC users or all clients??

      Yes, the way you have assigned users to group and given permissions is the best practice. You only need to do this on one of your DCs not the member server.

      As yanivfel suggested refer to the NTFS access permission and you may want to rephrase your question so we can approach it differently to help understand the required task better