Sign in with
Sign up | Sign in
Your question

Share Folder Permission on xp in a 2003 domain

Last response: in Windows 2000/NT
Share
Anonymous
April 24, 2005 10:38:11 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Brought up a 2003 dc with AD. Users can log in ok
but are unable to share folders on the client side.
each user is a member of the domainusers group.

Where can I enable the sharing of folders. Is it
part of the users group profile or hidden in AD.

I looked in group policy but was unable to find it.

Thanks ... Josh.

More about : share folder permission 2003 domain

Anonymous
April 25, 2005 12:17:58 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

A normal user cannot create a share. The minimum requirement for this is to
be a member of the (local) power users group. This is one of the few
things, I believe, that cannot be delegated.

For information on adding users to the power users group of local PCs,
please refer to the following article:
-- http://www.msresource.net/content/view/45/47/

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
Anonymous
April 29, 2005 2:57:31 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Paul this can be delegated via group policy. I found a way.

The main problem is that by default there is no power users group
on the DC side if this existed things would be easier right out of
the box to implement.

GP setting to allow xp user to create shared folders.

LOCAL POLICIES "User Rights Assignments" from new gpmc snap in.
"Computer configuration"

permissions needed

Access the computer from the network
Act as part of the operating system
Add workstations to domain "Can be disabled later on "
Allow log on locally
Backup files and directories
change the system time
create a pagefile
create a token object
create global objects
create permenant shared objects
log on as a service
perform volume maintenance tasks
Manage auditing and security log
restore files and directories
shutdown the system
synch directory service data
take ownership of files and other objects.

I created a new OU put the user in the ou, created a gp called power
users based on the above, ran gpupdate on dc and client. By default
all user accounts are a member of the domain users group.

default domain policy at root of tree is as follows.

LOCAL POLICIES "User Rights Assignments"

Access the computer from the network

Administrators/ Authenticated users /
Domain Admins / Domain Users

Act as part of the operating system
"As above"

Allow Log on locally
"As above"

Create permenatnt shared objects
"As above"

All others are default "Not Defined"

I would be interested what you think on this

Thanks Josh...






On Mon, 25 Apr 2005 08:17:58 +0100, "ptwilliams" <ptw2001@hotmail.com>
wrote:

>A normal user cannot create a share. The minimum requirement for this is to
>be a member of the (local) power users group. This is one of the few
>things, I believe, that cannot be delegated.
>
>For information on adding users to the power users group of local PCs,
>please refer to the following article:
> -- http://www.msresource.net/content/view/45/47/
Related resources
Anonymous
April 29, 2005 9:32:22 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

> I would be interested what you think on this

Funnily enough, I stumbled across this option today. I would say that's the
answer to your question!

Well done!

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
Anonymous
May 9, 2005 4:31:13 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

If you really really need your users to be power users I'd choose to
use restricted groups to make Domain Users member of the local Power
Users group on the workstations instead of granting them all those user
rights that could pose a big security threat.



Josh Davis ha escrito:
> Paul this can be delegated via group policy. I found a way.
>
> The main problem is that by default there is no power users group
> on the DC side if this existed things would be easier right out of
> the box to implement.
>
> GP setting to allow xp user to create shared folders.
>
> LOCAL POLICIES "User Rights Assignments" from new gpmc snap in.
> "Computer configuration"
>
> permissions needed
>
> Access the computer from the network
> Act as part of the operating system
> Add workstations to domain "Can be disabled later on "
> Allow log on locally
> Backup files and directories
> change the system time
> create a pagefile
> create a token object
> create global objects
> create permenant shared objects
> log on as a service
> perform volume maintenance tasks
> Manage auditing and security log
> restore files and directories
> shutdown the system
> synch directory service data
> take ownership of files and other objects.
>
> I created a new OU put the user in the ou, created a gp called power
> users based on the above, ran gpupdate on dc and client. By default
> all user accounts are a member of the domain users group.
>
> default domain policy at root of tree is as follows.
>
> LOCAL POLICIES "User Rights Assignments"
>
> Access the computer from the network
>
> Administrators/ Authenticated users /
> Domain Admins / Domain Users
>
> Act as part of the operating system
> "As above"
>
> Allow Log on locally
> "As above"
>
> Create permenatnt shared objects
> "As above"
>
> All others are default "Not Defined"
>
> I would be interested what you think on this
>
> Thanks Josh...
>
>
>
>
>
>
> On Mon, 25 Apr 2005 08:17:58 +0100, "ptwilliams"
<ptw2001@hotmail.com>
> wrote:
>
> >A normal user cannot create a share. The minimum requirement for
this is to
> >be a member of the (local) power users group. This is one of the
few
> >things, I believe, that cannot be delegated.
> >
> >For information on adding users to the power users group of local
PCs,
> >please refer to the following article:
> > -- http://www.msresource.net/content/view/45/47/
!