Can I grant a LOCAL computer account active directory permissions on a domain?
Posted on 2009-04-07
We have a network with 4 server 2003 servers. One of these is a domain controller, the other 2 are running different database applications with SQL 2003/2005, the 4th is running a xerox workflow program. the 4th server was joined to the domain, however, the Xerox software is trying to process a job that contains data that it needs to pull from the domain contoller, buried inside a folder that does not have a direct share to it. For some reason, when xerox set this up, they have a local administrator account on that machine that is responsible for retrieving the data, and they say that there is nothign they can do to change it-- they want us to just share the folders directly, with 'everyone' set to 'full control'. If this was just ONE folder, i wouldnt mind, however, this pertains to about 6,000 plus job folders, and i am not all that comfortable with sharing them all out, nor do i want 6,000 shared folders on my server.
WHAT I would like to do, is somehow make the LOCAL ACCOUNT on the 4th server available in active directory so that i can add it to a group that has permissions on that server. If i log on as that account (lets call it XEROX_admin) i can browse to the folder i need, and it prompts me for a username and password. If i manually enter a domain username and password that has allready been granted access to this folder, it works fine. HOWEVER, xerox tells us that there is no way that they can set their software up to pass domain user credentials through.
Anyone have any ideas?