Share Folder Permission on xp in a 2003 domain

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Brought up a 2003 dc with AD. Users can log in ok
but are unable to share folders on the client side.
each user is a member of the domainusers group.

Where can I enable the sharing of folders. Is it
part of the users group profile or hidden in AD.

I looked in group policy but was unable to find it.

Thanks ... Josh.
4 answers Last reply
More about share folder permission 2003 domain
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    A normal user cannot create a share. The minimum requirement for this is to
    be a member of the (local) power users group. This is one of the few
    things, I believe, that cannot be delegated.

    For information on adding users to the power users group of local PCs,
    please refer to the following article:
    -- http://www.msresource.net/content/view/45/47/

    --
    Paul Williams
    Microsoft MVP - Windows Server - Directory Services
    http://www.msresource.net | http://forums.msresource.net
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Paul this can be delegated via group policy. I found a way.

    The main problem is that by default there is no power users group
    on the DC side if this existed things would be easier right out of
    the box to implement.

    GP setting to allow xp user to create shared folders.

    LOCAL POLICIES "User Rights Assignments" from new gpmc snap in.
    "Computer configuration"

    permissions needed

    Access the computer from the network
    Act as part of the operating system
    Add workstations to domain "Can be disabled later on "
    Allow log on locally
    Backup files and directories
    change the system time
    create a pagefile
    create a token object
    create global objects
    create permenant shared objects
    log on as a service
    perform volume maintenance tasks
    Manage auditing and security log
    restore files and directories
    shutdown the system
    synch directory service data
    take ownership of files and other objects.

    I created a new OU put the user in the ou, created a gp called power
    users based on the above, ran gpupdate on dc and client. By default
    all user accounts are a member of the domain users group.

    default domain policy at root of tree is as follows.

    LOCAL POLICIES "User Rights Assignments"

    Access the computer from the network

    Administrators/ Authenticated users /
    Domain Admins / Domain Users

    Act as part of the operating system
    "As above"

    Allow Log on locally
    "As above"

    Create permenatnt shared objects
    "As above"

    All others are default "Not Defined"

    I would be interested what you think on this

    Thanks Josh...


    On Mon, 25 Apr 2005 08:17:58 +0100, "ptwilliams" <ptw2001@hotmail.com>
    wrote:

    >A normal user cannot create a share. The minimum requirement for this is to
    >be a member of the (local) power users group. This is one of the few
    >things, I believe, that cannot be delegated.
    >
    >For information on adding users to the power users group of local PCs,
    >please refer to the following article:
    > -- http://www.msresource.net/content/view/45/47/
  3. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    > I would be interested what you think on this

    Funnily enough, I stumbled across this option today. I would say that's the
    answer to your question!

    Well done!

    --
    Paul Williams
    Microsoft MVP - Windows Server - Directory Services
    http://www.msresource.net | http://forums.msresource.net
  4. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    If you really really need your users to be power users I'd choose to
    use restricted groups to make Domain Users member of the local Power
    Users group on the workstations instead of granting them all those user
    rights that could pose a big security threat.


    Josh Davis ha escrito:
    > Paul this can be delegated via group policy. I found a way.
    >
    > The main problem is that by default there is no power users group
    > on the DC side if this existed things would be easier right out of
    > the box to implement.
    >
    > GP setting to allow xp user to create shared folders.
    >
    > LOCAL POLICIES "User Rights Assignments" from new gpmc snap in.
    > "Computer configuration"
    >
    > permissions needed
    >
    > Access the computer from the network
    > Act as part of the operating system
    > Add workstations to domain "Can be disabled later on "
    > Allow log on locally
    > Backup files and directories
    > change the system time
    > create a pagefile
    > create a token object
    > create global objects
    > create permenant shared objects
    > log on as a service
    > perform volume maintenance tasks
    > Manage auditing and security log
    > restore files and directories
    > shutdown the system
    > synch directory service data
    > take ownership of files and other objects.
    >
    > I created a new OU put the user in the ou, created a gp called power
    > users based on the above, ran gpupdate on dc and client. By default
    > all user accounts are a member of the domain users group.
    >
    > default domain policy at root of tree is as follows.
    >
    > LOCAL POLICIES "User Rights Assignments"
    >
    > Access the computer from the network
    >
    > Administrators/ Authenticated users /
    > Domain Admins / Domain Users
    >
    > Act as part of the operating system
    > "As above"
    >
    > Allow Log on locally
    > "As above"
    >
    > Create permenatnt shared objects
    > "As above"
    >
    > All others are default "Not Defined"
    >
    > I would be interested what you think on this
    >
    > Thanks Josh...
    >
    >
    >
    >
    >
    >
    > On Mon, 25 Apr 2005 08:17:58 +0100, "ptwilliams"
    <ptw2001@hotmail.com>
    > wrote:
    >
    > >A normal user cannot create a share. The minimum requirement for
    this is to
    > >be a member of the (local) power users group. This is one of the
    few
    > >things, I believe, that cannot be delegated.
    > >
    > >For information on adding users to the power users group of local
    PCs,
    > >please refer to the following article:
    > > -- http://www.msresource.net/content/view/45/47/
Ask a new question

Read More

Windows XP Active Directory Windows