Creating groups for permissions

I am having problems creating a simple group with members and then assigning them rights to a specific directory. I have a win2k sp3 server in a single domain with AD DNS running. A very simple setup. I have all the standard default groups. I would like to create a small group with only 5 users in it to have access to a specific directory. I create the group in AD, give it domain local status or Global status, and then add users to it, and then assign it to the directory, no luck. I am not sure what the group has to be a member of, such as user/builtin or whatever. It seems I have tried all possibilities and no luck. If someone could explain in detail how to create the group properly so that the rights will work, I will be very happy.
Thanks
Premiernc Asked:
 
TooKoolKris Commented:
You can link the same GPO to multiple containers or you can simply add that security group to the existing GPO's security table. Just make sure that the "read" and "apply group policy" permissions are set for the group.

TKK
0
 
TooKoolKris Commented:
MS recommends that you place Users into Global Groups, then place those Global groups into Domain Local groups, and then assign permissions to that group. Sounds kind of funny, I know, but that's what they say.

Group Type and Scope Usage in Windows
http://support.microsoft.com/default.aspx?scid=kb;en-us;231273

HOW TO: Manage Groups in Active Directory in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;320054

Also make sure that the DC with the infrastructure FSMO role is up and running fine. If there is a problem with this role then you will have problems with group memberships.

TKK
0
 
pcbrat Commented:
Log on to your server with a domain admin account (administrator will work). Open AD Users and Computers, expand your domain, highlight your domain, right-click it to add a new group, name your group, and make it domain local; global is not necessary if you do not have multiple domains. Once your group is created, add your users to it. Go to the folder you want to give rights to and open properties. Remove the propagation check so that the users you don't want to have access to this directory don't have it, and remove the Everyone group from the directory, add your new user group and set the permissions.

Hope this helps :)
0
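The group nesting TooKoolKris describes and the folder steps pcbrat lists, as an added example that is not part of any post in this thread. It assumes a current Windows host with the RSAT ActiveDirectory PowerShell module rather than the Windows 2000 tools used here; the group names, OU, domain name (EXAMPLE), accounts and folder path are placeholders.

```powershell
# Added example. All names and paths below are placeholders (assumptions).
Import-Module ActiveDirectory

$ou      = 'OU=Groups,DC=example,DC=local'          # hypothetical OU
$folder  = 'D:\Data\Project'                        # hypothetical directory
$members = 'user1','user2','user3','user4','user5'  # hypothetical accounts

# 1. Accounts go into a Global group.
New-ADGroup -Name 'GG-Project-Staff' -GroupScope Global -GroupCategory Security -Path $ou
Add-ADGroupMember -Identity 'GG-Project-Staff' -Members $members

# 2. The Global group goes into a Domain Local group; only this group is put on the ACL.
New-ADGroup -Name 'DL-Project-Modify' -GroupScope DomainLocal -GroupCategory Security -Path $ou
Add-ADGroupMember -Identity 'DL-Project-Modify' -Members 'GG-Project-Staff'

# 3. Stop inheriting from the parent and discard the inherited entries.
$acl = Get-Acl -Path $folder
$acl.SetAccessRuleProtection($true, $false)   # protected = true, keep inherited copies = false

# Remove any explicit entries for Everyone (well-known SID S-1-1-0).
$everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$acl.PurgeAccessRules($everyone)

# 4. Keep Administrators and SYSTEM on the ACL so the folder stays manageable,
#    then grant the Domain Local group Modify rather than Full Control.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$grants  = @(
    @('BUILTIN\Administrators',    'FullControl'),
    @('NT AUTHORITY\SYSTEM',       'FullControl'),
    @('EXAMPLE\DL-Project-Modify', 'Modify')
)
foreach ($g in $grants) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $g[0], $g[1], $inherit, $prop, 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $folder -AclObject $acl

# 5. Checks: list any Deny entries (Deny overrides Allow) and the resolved membership.
(Get-Acl -Path $folder).Access | Where-Object { $_.AccessControlType -eq 'Deny' }
Get-ADGroupMember -Identity 'DL-Project-Modify' -Recursive | Select-Object SamAccountName

# A user who was already logged on must log off and on again before the new
# group membership appears in their access token.
```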
 
Premiernc (Author) Commented:
PCBrat,
Thanks for the steps, but it still does not work. Should this group be a member of any other group such as users/builtin etc.? At the directory security area, I am adding the new group and giving full control for the sake of testing. I have added administrator to the group before trying this. Once I remove the other groups, everyone and domain users, from the security on the directory, I cannot access it with administrator logged in. Am I missing something? It seems like this should be simple.
0
 
Premiernc (Author) Commented:
TooKoolKris,
The DC has been up and running for a while, and I can give rights to the directories for individual users with no trouble. How do I perform any checks to make sure I am not having any other strange problems making this happen?
Thanks
0
 
fonetik Commented:
Does the behavior change when you assign the rights to a User instead of a group?

Are there inherited permissions on this folder?

What effective rights are you allowing (Read, Write, Create, etc.)? If you are assigning any deny rights, that is what is causing this. Deny rights override allow rights.
0
 
MSGeek Commented:
Run dcdiag.  AD is dependent on DNS, domain controller diagnostics may help figure out what is wrong here.
0
 
Premiernc (Author) Commented:
I can assign an individual user all the rights in the world and it works fine. I'm not sure where the issue is, with the group or in the directory. I have taken off the inherited permissions. Kinda stumped.
0
 
MSGeek Commented:
What have you done?  Have you tried what TKK suggested?  Have you run DCDiag?  Your last post was no different than the first and we can't see what you have tried, what worked and what didn't?
0
 
Premiernc (Author) Commented:
Sorry for the delay,
I was just blowing it by not giving the group any specific rights in group policy. I thought if you made a group a member of a builtin group like "users" the rights for the group would transfer to the new group; not the case. Does anyone know how to copy the group policy rights from one group to another, essentially making two groups the same? Then I could take away a certain number of rights rather than having to add the group to every right it needs.
0
 
Premiernc (Author) Commented:
Thanks for the input. I didn't try the last suggestion, but will do so soon, thanks.
0