How to add domain groups to privileges on Win7 and Server 2008r2

Greetings,

For some reason, servers and workstations are not allowing us to add domain groups to folder or process permission (ie. the ability to add software).  When we go to the "Add" section of the permissions screen, it only lets us add users.

Is there something we can change to show groups in addition to users?
Thank you
LVL 9
Evan CutlerVolunteer Chief Information OfficerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MaheshArchitectCommented:
make sure that active directory is selected under locations and group objects are selected under object types in order to add AD groups on ACL
0
Evan CutlerVolunteer Chief Information OfficerAuthor Commented:
Hi Mahesh,
we did...that's the problem.  Domain Groups, nor groups are in the list of possible object types.
What am I missing?
Thanks.
0
yo_beeDirector of Information TechnologyCommented:
Could you post a screenshot of the Option when you are checking the option for Groups as well as Users for your search?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Evan CutlerVolunteer Chief Information OfficerAuthor Commented:
Hi yo_bee.
I'm sorry, it didn't tell me you responded.
Thanks much.

Here's the screenshot.
object types
back in the day, we could add domain groups to the machine, but in this case it won't let me.

How do I put it back in?
Thanks much.
0
yo_beeDirector of Information TechnologyCommented:
What computer are you doing this from as well as the account using to access the GUI ACL interface?
0
Evan CutlerVolunteer Chief Information OfficerAuthor Commented:
windows 7 pro attached to a domain controller.
0
yo_beeDirector of Information TechnologyCommented:
What level user account are you using?
Did you try this from a Server as a Domain Admin or Administrator account?
0
Evan CutlerVolunteer Chief Information OfficerAuthor Commented:
yes.  We log in as domain administrator on the workstation.  It allows me to add users from the domain, but not groups.

Thanks
0
yo_beeDirector of Information TechnologyCommented:
Have you tried other folders (Network or Local) ?
Have you tried using the Advance Button to add the Groups?
0
yo_beeDirector of Information TechnologyCommented:
Also have you tried via a server or another Workstation to see if it is a one off situation.
0
Evan CutlerVolunteer Chief Information OfficerAuthor Commented:
yes.
I just did.
Every computer that is attached to the domain suffers this problem.
When I try to add a domain group to the list of authorized users, groups are not part of the object types.  Only users.

For example,
Lets say I have 32 people in Department A, and 47 People in Department B.
I want to allow Department A access to the computer.   MY domain is Active Directory Run.

Right now, I'd have to individually manage all 32 Domain users on that box, not add the Dept A OU, and let Active Directory manage that.

That's where I'm at.
Thanks
0
yo_beeDirector of Information TechnologyCommented:
What about another File Server or Local Folder?
0
Evan CutlerVolunteer Chief Information OfficerAuthor Commented:
I can grant access to folders to groups.  That can be done.
Thanks
0
yo_beeDirector of Information TechnologyCommented:
Is there any Event Log Errors under Security?
0
yo_beeDirector of Information TechnologyCommented:
So you are able to Grant Group Rights to other Server shares or your local machine?
0
Evan CutlerVolunteer Chief Information OfficerAuthor Commented:
ok.  I can grant groups access to shares on the local machine.
I cannot add groups as users on the machine.  That is where I'm stuck.
0
yo_beeDirector of Information TechnologyCommented:
It sounds like something changed in your Domain Security.
Do you recall if there was any changes to that?
0
Evan CutlerVolunteer Chief Information OfficerAuthor Commented:
that's where I'm stuck.  I don't know where or how to figure that out.
How do I find it?
THanks.
0
yo_beeDirector of Information TechnologyCommented:
The Screenshot is of what?
I do not see the Folder Permission window.
It does not look like the security tab.

Is that the windows from the folder you are adding security to?
How are you interfacing with these settings?
Are you doing it through ADUC or directly from the file server UNC
0
Evan CutlerVolunteer Chief Information OfficerAuthor Commented:
no.
the screen shot is of us attempting to add a group of domain authenticated users to a workstation so they can log in.
As you can see the "add user" screen does not allow us to add Domain Groups as authenticated users on the workstation.
If I were to add those users, right now I have to do them one at a time.  That would take too much to maintain.

The workstation runs win7.
0
Evan CutlerVolunteer Chief Information OfficerAuthor Commented:
that screenshot is on the workstation we are trying to add the group to.
0
yo_beeDirector of Information TechnologyCommented:
Are you add security to a folder or the computer?
I thought this was a folder the entire time.
0
Evan CutlerVolunteer Chief Information OfficerAuthor Commented:
no...no...I'm sorry for the confusion.
We are trying to add a group of users to a workstation instead of adding them one at a time.
we have a domain group in AD, and I want to add that group to one of my workstations so anyone in the group can log in.
That's what I"m trying to do.
0
yo_beeDirector of Information TechnologyCommented:
Why not use Group Policy to achieve this
0
Evan CutlerVolunteer Chief Information OfficerAuthor Commented:
please explain.
Are you saying use Group Policy to add domain groups type to the selection box?
or use Group Policy to add user groups to the box?
Thanks.
0
yo_beeDirector of Information TechnologyCommented:
What I would do then is create a OU and block all GPO from processing to that OU.
Move a workstation that you want to use for testing into that OU.

Do a GPUPDATE /FORCE  from CMD and reboot.

After that Logon and see if you see the option available.
This task will determine if it is a GPO setting or not.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
LeeTutorretiredCommented:
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
Evan CutlerVolunteer Chief Information OfficerAuthor Commented:
I'm not sure what to do on this one...
but I wanted to give points for taking the time to work with me.
Unfortunately it was not a GPO problem.
We went to our venders and asked for professional assistance.
Thanks.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.