Don't worry about how the permissions are being displayed. The GUI will try and display the permissions based on how the ACEs are configured. An ACE can not have both CREATE Computer Objects and Read Permissions, the ACE structures don't work that way, they would have to be separate ACEs.
joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruyere, Michel Sent: Wednesday, June 09, 2004 2:15 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] strange thing... Hi, In fact what happen is that it create 2 distinct items under the advanced button. It's like the perms being cut into 2 categories. I have the first object (the technician group) which has List contents Read all properties Read permissions And a second one lower at the bottom of the list where there are Create computer objects Delete computer objects I tried to put the Create computer objects and Delete computer objects on the first one and delete the second, but I revert to the same setting. It's removing the computer objects from the first in the list to recreate a second in the list. I don't know if this can help you but if you prefer I can send you PrinScreens off list Michel Bruyere Network/systems administrator CompTIA A+, Network+ The quickest way to find something is to start looking for something else. :-) -----Message d'origine----- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Rutherford, Robert Envoyé : Wednesday, June 09, 2004 10:55 AM À : [EMAIL PROTECTED] Objet : RE: [ActiveDir] strange thing... Just clarifying.... It appears that you are saying ... when you first designate the rights that members of the technician group can add wks to the domain and the next day they cannot? Are the rights still set on the next day as you defined them on the first day? Or are the reverting back? -----Original Message----- From: Bruyere, Michel [mailto:[EMAIL PROTECTED] Sent: 09 June 2004 15:37 To: [EMAIL PROTECTED] Subject: [ActiveDir] strange thing... Hi all, It's my first post here. I've been referred here and been told that you guys were the "real gurus" of AD. I have a strange thing happening and I would like to have your thoughts about it. Here is the situation, I created a group called "technicians" and I gave the user right "add station to the domain to it. I then added the technician group to the computers OU and set the following: List contents Read all properties Read permissions Create computer objects Delete computer objects The problem is that when I set these, everything works fine. But the next day when a tech (member of the technician group) tries to join a computer to the domain he has an access denied. To fix the issue temporarily, I gave the group the perms (create all childs object and delete all childs object). I tried to remove the inheritance of the perms on this ou but it didn't help. I can't see why this is happening. Thanks Michel Bruyere Network/systems administrator CompTIA A+, Network+ The quickest way to find something is to start looking for something else. :-) List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains. It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes. The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
