Hi,
I need to allow an user to create shared folder on a server
through the
Group Policy. the server is a domain controller and just this
one that is why
i can't put the account in an "admin" group.
Thanks for your help!!
Ebk
The following should help you...
* Share creation restrictions. Access to share operations such as
creating a share, changing share information, and deleting a share,
are controlled by security descriptors. On a server, administrators
can decide who can/cannot perform certain share operations. For
example, on a file server, administrators should be able to delegate
or remove Power Users to create file shares. The ability to
create/delete shares is controlled by a ACE in the security
descriptor, where Power Users can be added/removed from the security
descriptor to allow or deny the ability.
The security descriptors are stored in the registry by SRV service,
under
LanManServer\DefaultSecurity, as following: . SrvsvcShareFileInfo,
REG_BINARY: Permission to control access on file share operation.
. SrvsvcSharePrintInfo, REG_BINARY: Permission to control access
on
print share operation.
. SrvsvcShareAdminInfo, REG_BINARY
Cheers,
