subject:"Re\: Can \\\\pc1\\user has rights to \\\\pc2\\share\\folder1\?"

RE: Can \\pc1\user has rights to \\pc2\share\folder1?

2008-06-23 Thread Ken Schaefer


> -Original Message-
> From: Stephen Wimberly [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 24 June 2008 5:22 AM
> To: NT System Admin Issues
> Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?
>
> Where I actually disagree with the method here; I don't think a local user
> of one server or computer should be granted rights to a folder on yet
> another computer rather than a domain member, I agree it _should_ function.

No, it shouldn't function. You can't add local users from one machine to 
another machine. The only security principals you can add are the ones that the 
server *hosting* the share knows about: local users on the remote server, or 
domain users.

If there is an "IUSR_PC1" account, it must have been created as a local account 
on Server1, and the passwords synched between the two local accounts.

That is one way of getting a web server's default anonymous user account to be 
able to write to a remote file share (the other is using domain account).

> I'm told it has functioned until Friday afternoon

I think your co-worker is confused.

Cheers
Ken




> I'm told it has functioned until Friday afternoon.  The last time I approved
> and applied any MS updates was last Monday.  We run a fairly clean
> environment as it's only 20 servers and 400 or so desktops, so it's fairly
> easy to manage IF they are all relatively similar to each other so we try to
> keep them that way.
>
> Pc1 is a web server with NO file/Print ports open, server1 is a file share
> with NO web ports open.  Neither is a domain controller.  There are no ports
> blocked between the two computers and the domain controllers though, the
> servers are all on the same switch.
>
> Thanks for taking an interest!  This one has me going mad.  "mad I tell ya!"
>
>
> -Original Message-----
> From: Erik Goldoff [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 23, 2008 2:48 PM
> To: NT System Admin Issues
> Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?
>
> Strange... What level AD are you running(2000, 2003?), and what OS for the
> PC1 desktop (2000, XP, Vista) ? You got me curious now, gotta try this in a
> lab or VM environment to see
>
> -----Original Message-----
> From: Stephen Wimberly [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 23, 2008 2:34 PM
> To: NT System Admin Issues
> Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?
>
> I don't see where anything has changed on pc1, and I've tried this with
> several computers and I'm not seeing any difference.  Maybe a needed service
> on pc1 or server1 has been disabled or corrupted?
>
>
> -Original Message-
> From: Erik Goldoff [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 23, 2008 1:47 PM
> To: NT System Admin Issues
> Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?
>
> Well, if the PC1 is a member of the domain computers and you're a domain
> administrator then you *should* be able to enumerate the local PC users &
> Groups.  Can you login locally to PC1 to check users and groups to see if
> anything has been changed or deleted  ?
>
> -Original Message-
> From: Stephen Wimberly [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 23, 2008 1:20 PM
> To: NT System Admin Issues
> Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?
>
> If I follow you, you're saying create a group at the domain level and add a
> user from a workstation into the domain group?
>
> I already have a group that has access for other reasons, when I attempt to
> add \\pc1\user I get name is not valid.  I could add the computer object,
> \\pc1, but the application is not using the system account.  I don't know
> how to add a local machine user to a domain group.
>
>
> -Original Message-
> From: Erik Goldoff [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 23, 2008 1:03 PM
> To: NT System Admin Issues
> Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?
>
> Hmmmm, could you not just make a group that has the required rights to the
> share, and then explicitly add the local user from PC1 to the group ?
>
> -Original Message-
> From: Stephen Wimberly [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 23, 2008 12:58 PM
> To: NT System Admin Issues
> Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?
>
> I have been able to duplicate the 'problem' so here is a more detailed
> "user" issue:
>
> I am also a member of Domain Admins and Enterprise Admins in our forest.  We
> have a simple forest with only one domain.  When I log into \\pc1 with full
> rights, I map a drive to \\SERVER1\Share and right click "

RE: Can \\pc1\user has rights to \\pc2\share\folder1?

2008-06-23 Thread Stephen Wimberly

Actually pc1 and server1 are both at Windows 2003 Server R2 with Service
Pack 2.  The domain is a functional 2003 domain level.

Where I actually disagree with the method here; I don't think a local user
of one server or computer should be granted rights to a folder on yet
another computer rather than a domain member, I agree it _should_ function.
I'm told it has functioned until Friday afternoon.  The last time I approved
and applied any MS updates was last Monday.  We run a fairly clean
environment as it's only 20 servers and 400 or so desktops, so it's fairly
easy to manage IF they are all relatively similar to each other so we try to
keep them that way.

Pc1 is a web server with NO file/Print ports open, server1 is a file share
with NO web ports open.  Neither is a domain controller.  There are no ports
blocked between the two computers and the domain controllers though, the
servers are all on the same switch.

Thanks for taking an interest!  This one has me going mad.  "mad I tell ya!"


-Original Message-
From: Erik Goldoff [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 23, 2008 2:48 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

Strange... What level AD are you running(2000, 2003?), and what OS for the
PC1 desktop (2000, XP, Vista) ? You got me curious now, gotta try this in a
lab or VM environment to see

-Original Message-
From: Stephen Wimberly [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 2:34 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

I don't see where anything has changed on pc1, and I've tried this with
several computers and I'm not seeing any difference.  Maybe a needed service
on pc1 or server1 has been disabled or corrupted?


-Original Message-
From: Erik Goldoff [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 1:47 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

Well, if the PC1 is a member of the domain computers and you're a domain
administrator then you *should* be able to enumerate the local PC users &
Groups.  Can you login locally to PC1 to check users and groups to see if
anything has been changed or deleted  ?

-Original Message-
From: Stephen Wimberly [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 1:20 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

If I follow you, you're saying create a group at the domain level and add a
user from a workstation into the domain group?

I already have a group that has access for other reasons, when I attempt to
add \\pc1\user I get name is not valid.  I could add the computer object,
\\pc1, but the application is not using the system account.  I don't know
how to add a local machine user to a domain group.


-Original Message-
From: Erik Goldoff [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 1:03 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

H, could you not just make a group that has the required rights to the
share, and then explicitly add the local user from PC1 to the group ? 

-Original Message-
From: Stephen Wimberly [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 12:58 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

I have been able to duplicate the 'problem' so here is a more detailed
"user" issue:

I am also a member of Domain Admins and Enterprise Admins in our forest.  We
have a simple forest with only one domain.  When I log into \\pc1 with full
rights, I map a drive to \\SERVER1\Share and right click "folder1" to gain
properties I can click ADD to add a user or group to the security rights
list, and then click on LOCATIONS to pick users from a specific location.
In the results I see the server hosting the share, SERVER1, and the AD
structure.  NOT the local \\pc1 as a choice.

I am told that I should see the local computer as a choice and be able to
select users that are local to the local computer.  Is that correct?

The account in question is the IUSR_pc1, which is a web user that needs to
write code to the file share.



-Original Message-
From: Erik Goldoff [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 12:45 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

Are you *sure* the user is part of the lcoal PC1 security and NOT part of
the Domain logging in from PC1 ? 

-Original Message-
From: Stephen Wimberly [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 12:37 PM
To: NT System Admin Issues
Subject: Can \\pc1\user has rights to \\pc2\share\folder1?

If I am on a computer, call it "\\pc1" and map a drive to \\SERVER1\share
could I then right click a sub folder to the mapped drive, call i

RE: Can \\pc1\user has rights to \\pc2\share\folder1?

2008-06-23 Thread Erik Goldoff

Strange... What level AD are you running(2000, 2003?), and what OS for the
PC1 desktop (2000, XP, Vista) ? You got me curious now, gotta try this in a
lab or VM environment to see

-Original Message-
From: Stephen Wimberly [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 23, 2008 2:34 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

I don't see where anything has changed on pc1, and I've tried this with
several computers and I'm not seeing any difference.  Maybe a needed service
on pc1 or server1 has been disabled or corrupted?

-Original Message-
From: Erik Goldoff [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 1:47 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

Well, if the PC1 is a member of the domain computers and you're a domain
administrator then you *should* be able to enumerate the local PC users &
Groups.  Can you login locally to PC1 to check users and groups to see if
anything has been changed or deleted  ?

-Original Message-
From: Stephen Wimberly [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 1:20 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

If I follow you, you're saying create a group at the domain level and add a
user from a workstation into the domain group?

I already have a group that has access for other reasons, when I attempt to
add \\pc1\user I get name is not valid.  I could add the computer object,
\\pc1, but the application is not using the system account.  I don't know
how to add a local machine user to a domain group.

-Original Message-
From: Erik Goldoff [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 1:03 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

H, could you not just make a group that has the required rights to the
share, and then explicitly add the local user from PC1 to the group ? 

-Original Message-
From: Stephen Wimberly [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 12:58 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

I have been able to duplicate the 'problem' so here is a more detailed
"user" issue:

I am also a member of Domain Admins and Enterprise Admins in our forest.  We
have a simple forest with only one domain.  When I log into \\pc1 with full
rights, I map a drive to \\SERVER1\Share and right click "folder1" to gain
properties I can click ADD to add a user or group to the security rights
list, and then click on LOCATIONS to pick users from a specific location.
In the results I see the server hosting the share, SERVER1, and the AD
structure.  NOT the local \\pc1 as a choice.

I am told that I should see the local computer as a choice and be able to
select users that are local to the local computer.  Is that correct?

The account in question is the IUSR_pc1, which is a web user that needs to
write code to the file share.

-Original Message-
From: Erik Goldoff [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 12:45 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

Are you *sure* the user is part of the lcoal PC1 security and NOT part of
the Domain logging in from PC1 ? 

-Original Message-
From: Stephen Wimberly [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 12:37 PM
To: NT System Admin Issues
Subject: Can \\pc1\user has rights to \\pc2\share\folder1?

If I am on a computer, call it "\\pc1" and map a drive to \\SERVER1\share
could I then right click a sub folder to the mapped drive, call it
\\SERVER1\share\folder1 and look at the properties for the folder1, ADD a
user or group and then click LOCATIONS to add local users from \\pc1, the
computer I am locally logged into?  Both SERVER1 and pc1 are in the same
windows domain.

I have a coworker that tells me he has had this setup for years and Friday
it suddenly stopped working, and now pc1 is no longer an option when
clicking on LOCATIONS to add users or groups.  He wants me to fix it so that
\\pc1\user can have security rights to \\SERVER1\share\folder1.  How is
SERVER1 going to know anything about a local user on a remote machine?

Is this 'broken'?

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ No virus
found in this incoming message.
Checked by AVG. 
Version: 8.0.100 / Virus Database: 270.4.1/1514 - Release Date: 6/23/2008
7:17 AM

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ No virus
found in this incoming message.
Checked by AVG.

RE: Can \\pc1\user has rights to \\pc2\share\folder1?

2008-06-23 Thread Stephen Wimberly

I don't see where anything has changed on pc1, and I've tried this with
several computers and I'm not seeing any difference.  Maybe a needed service
on pc1 or server1 has been disabled or corrupted?

-Original Message-
From: Erik Goldoff [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 23, 2008 1:47 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

Well, if the PC1 is a member of the domain computers and you're a domain
administrator then you *should* be able to enumerate the local PC users &
Groups.  Can you login locally to PC1 to check users and groups to see if
anything has been changed or deleted  ?

-Original Message-
From: Stephen Wimberly [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 1:20 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

If I follow you, you're saying create a group at the domain level and add a
user from a workstation into the domain group?

I already have a group that has access for other reasons, when I attempt to
add \\pc1\user I get name is not valid.  I could add the computer object,
\\pc1, but the application is not using the system account.  I don't know
how to add a local machine user to a domain group.

-Original Message-
From: Erik Goldoff [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 1:03 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

H, could you not just make a group that has the required rights to the
share, and then explicitly add the local user from PC1 to the group ? 

-Original Message-
From: Stephen Wimberly [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 12:58 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

I have been able to duplicate the 'problem' so here is a more detailed
"user" issue:

I am also a member of Domain Admins and Enterprise Admins in our forest.  We
have a simple forest with only one domain.  When I log into \\pc1 with full
rights, I map a drive to \\SERVER1\Share and right click "folder1" to gain
properties I can click ADD to add a user or group to the security rights
list, and then click on LOCATIONS to pick users from a specific location.
In the results I see the server hosting the share, SERVER1, and the AD
structure.  NOT the local \\pc1 as a choice.

I am told that I should see the local computer as a choice and be able to
select users that are local to the local computer.  Is that correct?

The account in question is the IUSR_pc1, which is a web user that needs to
write code to the file share.

-Original Message-
From: Erik Goldoff [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 12:45 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

Are you *sure* the user is part of the lcoal PC1 security and NOT part of
the Domain logging in from PC1 ? 

-Original Message-
From: Stephen Wimberly [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 12:37 PM
To: NT System Admin Issues
Subject: Can \\pc1\user has rights to \\pc2\share\folder1?

If I am on a computer, call it "\\pc1" and map a drive to \\SERVER1\share
could I then right click a sub folder to the mapped drive, call it
\\SERVER1\share\folder1 and look at the properties for the folder1, ADD a
user or group and then click LOCATIONS to add local users from \\pc1, the
computer I am locally logged into?  Both SERVER1 and pc1 are in the same
windows domain.

I have a coworker that tells me he has had this setup for years and Friday
it suddenly stopped working, and now pc1 is no longer an option when
clicking on LOCATIONS to add users or groups.  He wants me to fix it so that
\\pc1\user can have security rights to \\SERVER1\share\folder1.  How is
SERVER1 going to know anything about a local user on a remote machine?

Is this 'broken'?

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ No virus
found in this incoming message.
Checked by AVG. 
Version: 8.0.100 / Virus Database: 270.4.1/1514 - Release Date: 6/23/2008
7:17 AM

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ No virus
found in this incoming message.
Checked by AVG. 
Version: 8.0.100 / Virus Database: 270.4.1/1514 - Release Date: 6/23/2008
7:17 AM

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ No virus
found in this in

RE: Can \\pc1\user has rights to \\pc2\share\folder1?

2008-06-23 Thread Erik Goldoff

Well, if the PC1 is a member of the domain computers and you're a domain
administrator then you *should* be able to enumerate the local PC users &
Groups.  Can you login locally to PC1 to check users and groups to see if
anything has been changed or deleted  ?

-Original Message-
From: Stephen Wimberly [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 23, 2008 1:20 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

If I follow you, you're saying create a group at the domain level and add a
user from a workstation into the domain group?

I already have a group that has access for other reasons, when I attempt to
add \\pc1\user I get name is not valid.  I could add the computer object,
\\pc1, but the application is not using the system account.  I don't know
how to add a local machine user to a domain group.

-Original Message-
From: Erik Goldoff [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 1:03 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

H, could you not just make a group that has the required rights to the
share, and then explicitly add the local user from PC1 to the group ? 

-Original Message-
From: Stephen Wimberly [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 12:58 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

I have been able to duplicate the 'problem' so here is a more detailed
"user" issue:

I am also a member of Domain Admins and Enterprise Admins in our forest.  We
have a simple forest with only one domain.  When I log into \\pc1 with full
rights, I map a drive to \\SERVER1\Share and right click "folder1" to gain
properties I can click ADD to add a user or group to the security rights
list, and then click on LOCATIONS to pick users from a specific location.
In the results I see the server hosting the share, SERVER1, and the AD
structure.  NOT the local \\pc1 as a choice.

I am told that I should see the local computer as a choice and be able to
select users that are local to the local computer.  Is that correct?

The account in question is the IUSR_pc1, which is a web user that needs to
write code to the file share.

-Original Message-
From: Erik Goldoff [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 12:45 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

Are you *sure* the user is part of the lcoal PC1 security and NOT part of
the Domain logging in from PC1 ? 

-Original Message-
From: Stephen Wimberly [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 12:37 PM
To: NT System Admin Issues
Subject: Can \\pc1\user has rights to \\pc2\share\folder1?

If I am on a computer, call it "\\pc1" and map a drive to \\SERVER1\share
could I then right click a sub folder to the mapped drive, call it
\\SERVER1\share\folder1 and look at the properties for the folder1, ADD a
user or group and then click LOCATIONS to add local users from \\pc1, the
computer I am locally logged into?  Both SERVER1 and pc1 are in the same
windows domain.

I have a coworker that tells me he has had this setup for years and Friday
it suddenly stopped working, and now pc1 is no longer an option when
clicking on LOCATIONS to add users or groups.  He wants me to fix it so that
\\pc1\user can have security rights to \\SERVER1\share\folder1.  How is
SERVER1 going to know anything about a local user on a remote machine?

Is this 'broken'?

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ No virus
found in this incoming message.
Checked by AVG. 
Version: 8.0.100 / Virus Database: 270.4.1/1514 - Release Date: 6/23/2008
7:17 AM

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ No virus
found in this incoming message.
Checked by AVG. 
Version: 8.0.100 / Virus Database: 270.4.1/1514 - Release Date: 6/23/2008
7:17 AM

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ No virus
found in this incoming message.
Checked by AVG. 
Version: 8.0.100 / Virus Database: 270.4.1/1514 - Release Date: 6/23/2008
7:17 AM

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Can \\pc1\user has rights to \\pc2\share\folder1?

2008-06-23 Thread Stephen Wimberly

If I follow you, you're saying create a group at the domain level and add a
user from a workstation into the domain group?

I already have a group that has access for other reasons, when I attempt to
add \\pc1\user I get name is not valid.  I could add the computer object,
\\pc1, but the application is not using the system account.  I don't know
how to add a local machine user to a domain group.


-Original Message-
From: Erik Goldoff [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 23, 2008 1:03 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

H, could you not just make a group that has the required rights to the
share, and then explicitly add the local user from PC1 to the group ? 

-Original Message-
From: Stephen Wimberly [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 12:58 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

I have been able to duplicate the 'problem' so here is a more detailed
"user" issue:

I am also a member of Domain Admins and Enterprise Admins in our forest.  We
have a simple forest with only one domain.  When I log into \\pc1 with full
rights, I map a drive to \\SERVER1\Share and right click "folder1" to gain
properties I can click ADD to add a user or group to the security rights
list, and then click on LOCATIONS to pick users from a specific location.
In the results I see the server hosting the share, SERVER1, and the AD
structure.  NOT the local \\pc1 as a choice.

I am told that I should see the local computer as a choice and be able to
select users that are local to the local computer.  Is that correct?

The account in question is the IUSR_pc1, which is a web user that needs to
write code to the file share.



-Original Message-
From: Erik Goldoff [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 12:45 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

Are you *sure* the user is part of the lcoal PC1 security and NOT part of
the Domain logging in from PC1 ? 

-Original Message-
From: Stephen Wimberly [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 12:37 PM
To: NT System Admin Issues
Subject: Can \\pc1\user has rights to \\pc2\share\folder1?

If I am on a computer, call it "\\pc1" and map a drive to \\SERVER1\share
could I then right click a sub folder to the mapped drive, call it
\\SERVER1\share\folder1 and look at the properties for the folder1, ADD a
user or group and then click LOCATIONS to add local users from \\pc1, the
computer I am locally logged into?  Both SERVER1 and pc1 are in the same
windows domain.

I have a coworker that tells me he has had this setup for years and Friday
it suddenly stopped working, and now pc1 is no longer an option when
clicking on LOCATIONS to add users or groups.  He wants me to fix it so that
\\pc1\user can have security rights to \\SERVER1\share\folder1.  How is
SERVER1 going to know anything about a local user on a remote machine?

Is this 'broken'?



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ No virus
found in this incoming message.
Checked by AVG. 
Version: 8.0.100 / Virus Database: 270.4.1/1514 - Release Date: 6/23/2008
7:17 AM


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ No virus
found in this incoming message.
Checked by AVG. 
Version: 8.0.100 / Virus Database: 270.4.1/1514 - Release Date: 6/23/2008
7:17 AM


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Can \\pc1\user has rights to \\pc2\share\folder1?

2008-06-23 Thread Erik Goldoff

H, could you not just make a group that has the required rights to the
share, and then explicitly add the local user from PC1 to the group ? 

-Original Message-
From: Stephen Wimberly [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 23, 2008 12:58 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

I have been able to duplicate the 'problem' so here is a more detailed
"user" issue:

I am also a member of Domain Admins and Enterprise Admins in our forest.  We
have a simple forest with only one domain.  When I log into \\pc1 with full
rights, I map a drive to \\SERVER1\Share and right click "folder1" to gain
properties I can click ADD to add a user or group to the security rights
list, and then click on LOCATIONS to pick users from a specific location.
In the results I see the server hosting the share, SERVER1, and the AD
structure.  NOT the local \\pc1 as a choice.

I am told that I should see the local computer as a choice and be able to
select users that are local to the local computer.  Is that correct?

The account in question is the IUSR_pc1, which is a web user that needs to
write code to the file share.

-Original Message-
From: Erik Goldoff [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 12:45 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

Are you *sure* the user is part of the lcoal PC1 security and NOT part of
the Domain logging in from PC1 ? 

-Original Message-
From: Stephen Wimberly [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 12:37 PM
To: NT System Admin Issues
Subject: Can \\pc1\user has rights to \\pc2\share\folder1?

If I am on a computer, call it "\\pc1" and map a drive to \\SERVER1\share
could I then right click a sub folder to the mapped drive, call it
\\SERVER1\share\folder1 and look at the properties for the folder1, ADD a
user or group and then click LOCATIONS to add local users from \\pc1, the
computer I am locally logged into?  Both SERVER1 and pc1 are in the same
windows domain.

I have a coworker that tells me he has had this setup for years and Friday
it suddenly stopped working, and now pc1 is no longer an option when
clicking on LOCATIONS to add users or groups.  He wants me to fix it so that
\\pc1\user can have security rights to \\SERVER1\share\folder1.  How is
SERVER1 going to know anything about a local user on a remote machine?

Is this 'broken'?

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ No virus
found in this incoming message.
Checked by AVG. 
Version: 8.0.100 / Virus Database: 270.4.1/1514 - Release Date: 6/23/2008
7:17 AM

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ No virus
found in this incoming message.
Checked by AVG. 
Version: 8.0.100 / Virus Database: 270.4.1/1514 - Release Date: 6/23/2008
7:17 AM

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Can \\pc1\user has rights to \\pc2\share\folder1?

2008-06-23 Thread Stephen Wimberly

I have been able to duplicate the 'problem' so here is a more detailed
"user" issue:

I am also a member of Domain Admins and Enterprise Admins in our forest.  We
have a simple forest with only one domain.  When I log into \\pc1 with full
rights, I map a drive to \\SERVER1\Share and right click "folder1" to gain
properties I can click ADD to add a user or group to the security rights
list, and then click on LOCATIONS to pick users from a specific location.
In the results I see the server hosting the share, SERVER1, and the AD
structure.  NOT the local \\pc1 as a choice.

I am told that I should see the local computer as a choice and be able to
select users that are local to the local computer.  Is that correct?

The account in question is the IUSR_pc1, which is a web user that needs to
write code to the file share.



-Original Message-
From: Erik Goldoff [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 23, 2008 12:45 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

Are you *sure* the user is part of the lcoal PC1 security and NOT part of
the Domain logging in from PC1 ? 

-Original Message-
From: Stephen Wimberly [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 12:37 PM
To: NT System Admin Issues
Subject: Can \\pc1\user has rights to \\pc2\share\folder1?

If I am on a computer, call it "\\pc1" and map a drive to \\SERVER1\share
could I then right click a sub folder to the mapped drive, call it
\\SERVER1\share\folder1 and look at the properties for the folder1, ADD a
user or group and then click LOCATIONS to add local users from \\pc1, the
computer I am locally logged into?  Both SERVER1 and pc1 are in the same
windows domain.

I have a coworker that tells me he has had this setup for years and Friday
it suddenly stopped working, and now pc1 is no longer an option when
clicking on LOCATIONS to add users or groups.  He wants me to fix it so that
\\pc1\user can have security rights to \\SERVER1\share\folder1.  How is
SERVER1 going to know anything about a local user on a remote machine?

Is this 'broken'?



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ No virus
found in this incoming message.
Checked by AVG. 
Version: 8.0.100 / Virus Database: 270.4.1/1514 - Release Date: 6/23/2008
7:17 AM


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Can \\pc1\user has rights to \\pc2\share\folder1?

2008-06-23 Thread Stephen Wimberly

The user attempting the share is a domain admin and a member of Enterprise
Admins.

The user on the local workstation is merely a user.  Could it be that the
local user needs domain admin rights to do this?  Ie: iuser_pc1.


-Original Message-
From: Eric Woodford [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 23, 2008 12:42 PM
To: NT System Admin Issues
Subject: Re: Can \\pc1\user has rights to \\pc2\share\folder1?

IMO, it sounds like his domain account had inherited admin rights on that
server and they were removed. 

Now he only has basic access rights and cannot modify folders..




On Mon, Jun 23, 2008 at 9:37 AM, Stephen Wimberly <[EMAIL PROTECTED]>
wrote:


If I am on a computer, call it "\\pc1" and map a drive to
\\SERVER1\share
could I then right click a sub folder to the mapped drive, call it
\\SERVER1\share\folder1 and look at the properties for the folder1,
ADD a
user or group and then click LOCATIONS to add local users from
\\pc1, the
computer I am locally logged into?  Both SERVER1 and pc1 are in the
same
windows domain.

I have a coworker that tells me he has had this setup for years and
Friday
it suddenly stopped working, and now pc1 is no longer an option when
clicking on LOCATIONS to add users or groups.  He wants me to fix it
so that
\\pc1\user can have security rights to \\SERVER1\share\folder1.  How
is
SERVER1 going to know anything about a local user on a remote
machine?

Is this 'broken'?



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~





~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Can \\pc1\user has rights to \\pc2\share\folder1?

2008-06-23 Thread Erik Goldoff

Are you *sure* the user is part of the lcoal PC1 security and NOT part of
the Domain logging in from PC1 ? 

-Original Message-
From: Stephen Wimberly [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 23, 2008 12:37 PM
To: NT System Admin Issues
Subject: Can \\pc1\user has rights to \\pc2\share\folder1?

If I am on a computer, call it "\\pc1" and map a drive to \\SERVER1\share
could I then right click a sub folder to the mapped drive, call it
\\SERVER1\share\folder1 and look at the properties for the folder1, ADD a
user or group and then click LOCATIONS to add local users from \\pc1, the
computer I am locally logged into?  Both SERVER1 and pc1 are in the same
windows domain.

I have a coworker that tells me he has had this setup for years and Friday
it suddenly stopped working, and now pc1 is no longer an option when
clicking on LOCATIONS to add users or groups.  He wants me to fix it so that
\\pc1\user can have security rights to \\SERVER1\share\folder1.  How is
SERVER1 going to know anything about a local user on a remote machine?

Is this 'broken'?

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~ No virus
found in this incoming message.
Checked by AVG. 
Version: 8.0.100 / Virus Database: 270.4.1/1514 - Release Date: 6/23/2008
7:17 AM

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Re: Can \\pc1\user has rights to \\pc2\share\folder1?

2008-06-23 Thread Eric Woodford

IMO, it sounds like his domain account had inherited admin rights on that
server and they were removed.

Now he only has basic access rights and cannot modify folders..



On Mon, Jun 23, 2008 at 9:37 AM, Stephen Wimberly <[EMAIL PROTECTED]>
wrote:

> If I am on a computer, call it "\\pc1" and map a drive to \\SERVER1\share
> could I then right click a sub folder to the mapped drive, call it
> \\SERVER1\share\folder1 and look at the properties for the folder1, ADD a
> user or group and then click LOCATIONS to add local users from \\pc1, the
> computer I am locally logged into?  Both SERVER1 and pc1 are in the same
> windows domain.
>
> I have a coworker that tells me he has had this setup for years and Friday
> it suddenly stopped working, and now pc1 is no longer an option when
> clicking on LOCATIONS to add users or groups.  He wants me to fix it so
> that
> \\pc1\user can have security rights to \\SERVER1\share\folder1.  How is
> SERVER1 going to know anything about a local user on a remote machine?
>
> Is this 'broken'?
>
>
>
> ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
> ~   ~
>

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: Can \\pc1\user has rights to \\pc2\share\folder1?

RE: Can \\pc1\user has rights to \\pc2\share\folder1?

RE: Can \\pc1\user has rights to \\pc2\share\folder1?

RE: Can \\pc1\user has rights to \\pc2\share\folder1?

RE: Can \\pc1\user has rights to \\pc2\share\folder1?

RE: Can \\pc1\user has rights to \\pc2\share\folder1?

RE: Can \\pc1\user has rights to \\pc2\share\folder1?

RE: Can \\pc1\user has rights to \\pc2\share\folder1?

RE: Can \\pc1\user has rights to \\pc2\share\folder1?

RE: Can \\pc1\user has rights to \\pc2\share\folder1?

Re: Can \\pc1\user has rights to \\pc2\share\folder1?

11 matches

Site Navigation

Mail list logo

Footer information