Solved

Cannot assign new group as Primary Group

Posted on 2008-11-01
4
1,116 Views
Last Modified: 2012-05-05
I just created a new Domain Local group named FTPOnly.  I want to place a domain user account named FredTPuke in FTPOnly and in no other group.  By default, FredTPuke is in the Domain Users group.  I want to promote FTPOnly to FredTPuke's Primary Group, but I can't.  The "Set Primary Group" button is disabled when I select FTPOnly.  (See attached.)  Why?
SS1---Primary-Group.JPG
0
Comment
Question by:jdana
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 22

Expert Comment

by:dan_blagut
ID: 22857205
Hello
There is no need to set the primary group if you don't use Mac in your network. Anyway, all user account must be member of Domain users. So if you use the domain users group to assign right I suggest to find another group and to avoid use of built in groups for that.

Dan
0
 

Author Comment

by:jdana
ID: 22868396
Dan,

Thanks for the response.  I'll elaborate on the initial question.  I just installed Windows FTP Server on one of my home network servers (WS2003).  I disabled anonymous logons to prevent abuse of the site.  I want to create a single domain logon (FredTPuke, note the initials) that has permissions to access a single folder.  I suppose I could spend a lot of time hobbling the Domain Users group to accomplish, but that would be the incorrect approach.  So, I want a domain user that has no inherit permissions on the domain.  It seems like this should be an option.
0
 
LVL 22

Accepted Solution

by:
dan_blagut earned 500 total points
ID: 22868534
Then what you can do is to add the user in the guest group, then change the primary group to guests and delete the domain users.
Instead of guests you can create another group just for your need and make the account member of this newly created group.

Dan
0
 

Author Closing Comment

by:jdana
ID: 31512310
Perfect!
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question