Solved

windows 2008 share - security permissions

Posted on 2013-06-12
8
357 Views
Last Modified: 2013-06-12
When trying to assign the "Domain\Users" object to a shared folders in a  Windows 2008 domain, it is saying the object cannot be found.    From both of the DCs we have no problem assigning the "Domain\Users" object.     I tried from multiple other domain PCs and Servers, logging in with the same admin account, but get the error that it can't find that object.  It has no problems finding other OUs and adding those permissions.

Thanks
0
Comment
Question by:tiptechs
  • 4
  • 4
8 Comments
 
LVL 13

Expert Comment

by:Michael Machie
ID: 39241660
Make sure that when you try to add the 'Domain Users' to the permissions that the 'From this location' is specified as your Domain. If it is showing the computer name then you will get this message.

Try typing 'Domain' in the 'Select users, Computers, Service Accounts, or Groups' , then click 'ok', to see if the Domain accounts and groups are listed. You should see 'Domain Admins, Domain Computers, Domain Guests, Domain Controllers, and Domain Users' and any other Domain Groups you have created. If 'Domain Users' is not listed then that is why you are getting this message.  

If the Server is not part of the Domain then you will also receive this message.
0
 

Author Comment

by:tiptechs
ID: 39241851
The correct domain is showing up.  I can choose browse and see everything in the domain.    I select the domain "domain.com" and then choose object "Users" and that is when it says it can't be found.  Though this works on the DCs.
0
 
LVL 13

Expert Comment

by:Michael Machie
ID: 39241967
When using 'Domain' instead of Users, do you see 'Domain Users' listed?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:tiptechs
ID: 39241999
I am trying to use just "Users" which is the default container.    We have a few users setup under Domain.com -> Users instead of being in a seperate OU.   I can select those other OUs with no problem.  The "Users" container works fine from the DCs, but not from any other server / pc on the domain.
0
 

Author Comment

by:tiptechs
ID: 39242079
Thinking this is some sort of permissions issue, but cannot find anything.  If I do an advanced search from a member servers shared folder under adding security permissions.    It will find everything in the domain except for the default containers such as "Users", "Computers", etc..

Thanks.
0
 
LVL 13

Accepted Solution

by:
Michael Machie earned 500 total points
ID: 39242124
On the DCs is a default AD container called Users, as you are aware. You do not apply permissions to a share via AD container when the folder is not located on the DC, only via a User account or Group(s). Not only that but permissions via an UO is not recommended.

I was able to verify that you can indeed select some default OU containers, not manually created ones, in the permissions box - but only from a shared folder local to the DC. You cannot do this from a folder not on a DC.  

You will need to create a Security Group and add the desired Users into that group, then provide that Group permissions to the folder, or, add each User individually.
0
 

Author Comment

by:tiptechs
ID: 39242191
Thanks Machienet.   I was thinking this might be a default behavior, but wasn't sure.

Thanks again.
0
 
LVL 13

Expert Comment

by:Michael Machie
ID: 39242282
Sure thing. Try it out and if when you verify it is working, please mark my answer as the Solution :)
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question