?
Solved

Creating groups for permissions

Posted on 2003-03-07
11
Medium Priority
?
184 Views
Last Modified: 2010-04-13
I am having problems creating a simple group with members and then assigning them rights to a specific directory. I have a win2k sp3 server in a single domain with AD DNS running. A very simple setup. I have all the standard default groups. I would like to create a small group with only 5 users in it to have access to a specific directory. I create the group in AD, give it domain local status or Global status, and then add users to it, and then assign it to the directory, no luck. I am not sure what the group has to be a member of, such as user/builtin or whatever. It seems I have tried all possibilities and no luck. If someone could explain in detail how to create the group properly so that the rights will work, I will be very happy.
Thanks
0
Comment
Question by:Premiernc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +2
11 Comments
 
LVL 9

Expert Comment

by:TooKoolKris
ID: 8090939
MS recommends that you place Users into Global Groups then place those Global groups into Domain Local groups and then assign permissions to that group. Sounds kind of funny I know but thats what they say.

Group Type and Scope Usage in Windows
http://support.microsoft.com/default.aspx?scid=kb;en-us;231273

HOW TO: Manage Groups in Active Directory in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;320054

Also make sure that the DC with the infrastructure FSMO role is up and running fine. If there is a problem with this role then you will have problems with group memberships.

TKK
0
 
LVL 10

Expert Comment

by:pcbrat
ID: 8090994
Logon to your server with a domain admin account(administrator will work). Open AD users and computers, expand your domain, highlight your domian, right click it to add new group, name your group, make it domain local, global is not necessary if you do not have multiple domains. Once your group is created add your users to it. Go to the folder you want to give rights to and open properties. Remove the propogation check so that the users you dont want to have access to this directory dont have it, and remove the everyone group from the directory, add your new user group and set the permissions.

Hoe this helps :)  
0
 
LVL 1

Author Comment

by:Premiernc
ID: 8091084
PCBrat,
Thanks for the steps but it still does not work. Should this group be a member of any other group such as users/builtin etc. At the directory security area, I am adding the new group and giving full control for the sake of testing. I have added administrator to the group before tryinh this. Once I remove the other groups, everyone and domains users from the security on the directory, I cannot access it with administrator logged in. Am I missing something? It seems like this should be simple.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 1

Author Comment

by:Premiernc
ID: 8091104
Toocollkris,
The DC has been up and running for awhile, and I can give rights to the directories for individual users with no trouble. How do I perform any checks to make sure I am not having any other strange problems making this happen?
Thanks
0
 

Expert Comment

by:fonetik
ID: 8091648
Does the behavior change when you assign the rights to a User instead of a group?

Are there inherited permissions on this folder?

What effective rights are you allowing (Read, Write, Create, etc..)  If you are assigning any deny rights, it is what is causing this.  Deny rights override allow rights.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8094617
Run dcdiag.  AD is dependent on DNS, domain controller diagnostics may help figure out what is wrong here.
0
 
LVL 1

Author Comment

by:Premiernc
ID: 8107555
I can assign an individual user all the rights in the world and it works fine. I'm not sure where the issue is, with the group or in the directory. I have taken off the inherited permissions. Kinda stumped
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8110810
What have you done?  Have you tried what TKK suggested?  Have you run DCDiag?  Your last post was no different than the first and we can't see what you have tried, what worked and what didn't?
0
 
LVL 1

Author Comment

by:Premiernc
ID: 8115169
Sorry for the delay,
I was just blowing it by not giving the group any specific rights in group policy. I thought if you made a group a member of a builtin group like "users" the rights for the group would transfer to the new group, not the case.  Does anyone know how to copy the group policy rights from one group to another, esentially making two groups the same? Then I could take away a certain number of rights rather than having to add the group to very ritgh it needs.
0
 
LVL 9

Accepted Solution

by:
TooKoolKris earned 500 total points
ID: 8115726
You can link the same GPO to multiple containers or you can simply add that security group to the existing GPO's security table. Just make sure that the "read" and "apply group policy" permissions are set for the group.

TKK
0
 
LVL 1

Author Comment

by:Premiernc
ID: 8154082
Thanks for the input. I didn't try the last suggestion, but will do so soon, thanks.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question