AD: changing default permissions for users and objects from DCPROMO
guys. i've taken the first object for legacy compatibility in my AD whilst running DC Promo (see http://www.petri.co.il/images/dcpromo019.jpg ) to see the page; if i then want to change this within the AD; how can i do it? Or if i just have one domain controller; do i have to do another DCPromo, take off AD, and put it back on again??
ASKER
so all that option does is add 'everyone' into the pre-windows 2000' group??? That is ... typically microsoft-y i guess??!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
so in there; ideally i should only have authenticated users ... currently has anonymous logon and everyone
Mine has only Authenticated users and Exchange Domain Servers
ASKER
awesome cheers. i've got issues doing TRUST back to my old NT4 domain; so seeing whether this is related. Thanks for your speeeeeedy help Pber.
Glad to help.
The trust issue can be anything... usually netbios related.
See these:
http://support.microsoft.com/Default.aspx?id=325874
http://www.computing.net/windows2003/wwwboard/forum/4932.html
https://www.experts-exchange.com/questions/20898563/Trust-with-Windows-2003-with-NT4.html
https://www.experts-exchange.com/questions/21631912/Problem-with-creating-trust-between-NT4-and-Windows-2003-Server-Could-not-find-domain-controller-for-this-domain.html
The trust issue can be anything... usually netbios related.
See these:
http://support.microsoft.com/Default.aspx?id=325874
http://www.computing.net/windows2003/wwwboard/forum/4932.html
https://www.experts-exchange.com/questions/20898563/Trust-with-Windows-2003-with-NT4.html
https://www.experts-exchange.com/questions/21631912/Problem-with-creating-trust-between-NT4-and-Windows-2003-Server-Could-not-find-domain-controller-for-this-domain.html
ASKER
yeah i'm getting this:
the security database on the server does not have a computer account for this workstation trust relationship (on the windows 2003 box)
this is unusual... googled it. no joy yet.
the security database on the server does not have a computer account for this workstation trust relationship (on the windows 2003 box)
this is unusual... googled it. no joy yet.
The 2003 box, is that the AD box?
Have you been able to create a trust at all? Or is the Windows 2003 server the only problem machine?
Have you been able to create a trust at all? Or is the Windows 2003 server the only problem machine?
ASKER
yah the PDCE. AD is working ok - combed the logs. DNS is up. netbios is up.
can create it on the 2003 machine, but then on the confirmation, that's when it throws up the error.
can create it on the 2003 machine, but then on the confirmation, that's when it throws up the error.
ASKER
damn wins. sorted it. cheers Pber
It's usually always Netbios.
(:
Glad you got that working.
(:
Glad you got that working.
http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/AdminTips/Security/Pre-Windows2000CompatibleAccessGrouppermissionvulnerability.html
http://support.microsoft.com/default.aspx/kb/325363
http://windowssdk.msdn.microsoft.com/en-us/library/ms717997.aspx
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=3763