T
Thorsten Zwicker
Hello!
We changed our Windows server topology to AD 2000 by updating the PDC
(NT-Server). Because some NT Servers are still left, we are running in
compatibility modus with NT. During migration we changed our domain
name.
Before this migration, standard users could change/update access
rights to network file shares. (Owners of shares or enough rights). Now, if
a user is working on a PC with Win 2k, there is no possibility to
change access rights on a network file server. The domain access
control list is not available, only the local access control list (of
this server) is available. Administrators don't have this problem. If
a standard user is working on a NT-Machine - it is still possible.
These users can modify the access rights, with the new domain access
control list
The domain access control list for Win2k standard users is only
available on the local machine, where they are working. Here they can
create a network share with the new domain access control list.
Is this a bug or a security feature/ restriction of AD 2k? How can I
grant rights to standard win2k users to modify access rights on shared
folders on network file servers? What is really strange to me - with
NT they have sufficient rights.
Any ideas, thanks for help in advance.
Thorsten Zwicker
We changed our Windows server topology to AD 2000 by updating the PDC
(NT-Server). Because some NT Servers are still left, we are running in
compatibility modus with NT. During migration we changed our domain
name.
Before this migration, standard users could change/update access
rights to network file shares. (Owners of shares or enough rights). Now, if
a user is working on a PC with Win 2k, there is no possibility to
change access rights on a network file server. The domain access
control list is not available, only the local access control list (of
this server) is available. Administrators don't have this problem. If
a standard user is working on a NT-Machine - it is still possible.
These users can modify the access rights, with the new domain access
control list
The domain access control list for Win2k standard users is only
available on the local machine, where they are working. Here they can
create a network share with the new domain access control list.
Is this a bug or a security feature/ restriction of AD 2k? How can I
grant rights to standard win2k users to modify access rights on shared
folders on network file servers? What is really strange to me - with
NT they have sufficient rights.
Any ideas, thanks for help in advance.
Thorsten Zwicker