Template Build Shows SID, Not Name

  • Thread starter Thread starter Tony Stark
  • Start date Start date
T

Tony Stark

Hello,

I am creating a custom security template for Win2k and Win2k3 in an NT 4.0
domain, in the template I have defined a local group, L_Template for
example, where the global group will be placed into the local group so the
users in the global group will have access to do various things.

The issue I have run into is that even though I create a L_Template group on
the server where I am going to apply the template I have found that after I
import and apply the template adn look at the permission settings in the
template all I see is the SID of the account where I careated the
template...

How can I create a template that will allow me to specify a group that we
create that can perform certian actions and then use that template on other
servers and not see the SID but the actual account?

Thank you!

Tony
 
When you create a local group it is assigned a sid specific to that machine and other
machines will not be able to resolve the sid to a name because it will not exist on
that computer. In a W2K domain you can specify domain groups and use Group Policy to
manage security settings to a group of servers. In your situation you may need to
modify the Local Security Policy on each computer to do what you wan to do. ---
Steve
 
Thanks for the response Steve,

Thanks what I was afraid you'd say... The only other way is to use the Power
Users group but I would have to make sure that that group doesn't have
permissions to do anything other than what we set it for....I wonder..is
there a tool to see all permissions of a group on a server? That would make
it too easy..<g>

I can't really use a Global group since there will be a differnet group of
users for every server and I was trying to avoid too many Global
groups....but it looks like I will try that. I am hoping not to edit each
server since I have individuals that build the servers apply the templates.

Next challange will be to edit the Local Policies to lock the users down
even more.

Thanks again!!

Tony
 
Back
Top