Problems with giving the Domain Users group access to fold..

Archived from groups: microsoft.public.win2000.security (More info?)

Hello,

Having a problem here with giving the group Domain Users rights to
objects. For example, I have a \bin\ folder. I right click on this
folder and select the Security tab. Then I click Add..., choose
Domain Users from the Entire Directory, and give the group full
control from the checkboxes.

Here's where the problem starts. Members of Domain Users still aren't
getting the access they need to \...\bin\. If I go back and check the
security settings for that folder, there's no Domain Users listing.
In its place is a "None" group. Its syntax is None(<<Local computer
name>>\None).

How can I keep this from happening? No matter how many times I try to
add Domain users to an object, it always changes to the None group.

Thanks,

--CW
6 answers Last reply
More about problems giving domain users group access fold
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    That's a new one on me. I have never seen a "none" group. The syntax also suggests
    that "none" is a local computer group. Try giving "users" from the local computer
    permissions to see if that works. The local users group on a domain computer contains
    the domain users group. Usually a group does not disappear, but instead you will see
    a bunch of numbers that are the unresolved sid for the group.

    It would be a good idea to give that computer a full virus scan with virus
    definitions up to date as of today since you are having unexplained behavior. Also
    run netdiag on it looking for any failed tests that may indicate a problem with
    domain access such as failed test/errors for dns, dc discover, kerberos, and domain
    membership-secure channel. nediag is part of the support tools on the install cdrom
    in the support/tools folder where you will need to run the setup program there. ---
    Steve


    "corn29@ no_spam excite.com" <corn29@excite.com> wrote in message
    news:216bf30e.0407281358.670a3d20@posting.google.com...
    > Hello,
    >
    > Having a problem here with giving the group Domain Users rights to
    > objects. For example, I have a \bin\ folder. I right click on this
    > folder and select the Security tab. Then I click Add..., choose
    > Domain Users from the Entire Directory, and give the group full
    > control from the checkboxes.
    >
    > Here's where the problem starts. Members of Domain Users still aren't
    > getting the access they need to \...\bin\. If I go back and check the
    > security settings for that folder, there's no Domain Users listing.
    > In its place is a "None" group. Its syntax is None(<<Local computer
    > name>>\None).
    >
    > How can I keep this from happening? No matter how many times I try to
    > add Domain users to an object, it always changes to the None group.
    >
    > Thanks,
    >
    > --CW
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    I thought it was very curious behavior as well... especially with
    regard to Domain Users "changing" to a local group. Local groups and
    accounts are not allowed on our system by the security folks either.
    At any rate, we're having some of the SID issues you mentioned below
    as well. I'm starting to wonder is this comes from cloning/ghosting a
    machine... at least that's when I see these problems raise their ugly
    head. I did follow Q262958 (even though we're not getting any 1000 or
    1053 errors) without any success.

    So with all of this said, do you have any insight on how to clean up
    the "bunch of numbers that are the unresolved sid for the group"?

    Oh, BTW netdiag /fix fails on the DC with "[FATAL] Failed to get
    system information of this machine". I'm NOT getting any DNS errors
    (only browser errors - 8021 & 8032). Any ideas?

    Thanks again!

    --CW


    "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message news:<wq_Nc.174849$a24.97243@attbi_s03>...
    > That's a new one on me. I have never seen a "none" group. The syntax also suggests
    > that "none" is a local computer group. Try giving "users" from the local computer
    > permissions to see if that works. The local users group on a domain computer contains
    > the domain users group. Usually a group does not disappear, but instead you will see
    > a bunch of numbers that are the unresolved sid for the group.
    >
    > It would be a good idea to give that computer a full virus scan with virus
    > definitions up to date as of today since you are having unexplained behavior. Also
    > run netdiag on it looking for any failed tests that may indicate a problem with
    > domain access such as failed test/errors for dns, dc discover, kerberos, and domain
    > membership-secure channel. nediag is part of the support tools on the install cdrom
    > in the support/tools folder where you will need to run the setup program there. ---
    > Steve
    >
    >
    > "corn29@ no_spam excite.com" <corn29@excite.com> wrote in message
    > news:216bf30e.0407281358.670a3d20@posting.google.com...
    > > Hello,
    > >
    > > Having a problem here with giving the group Domain Users rights to
    > > objects. For example, I have a \bin\ folder. I right click on this
    > > folder and select the Security tab. Then I click Add..., choose
    > > Domain Users from the Entire Directory, and give the group full
    > > control from the checkboxes.
    > >
    > > Here's where the problem starts. Members of Domain Users still aren't
    > > getting the access they need to \...\bin\. If I go back and check the
    > > security settings for that folder, there's no Domain Users listing.
    > > In its place is a "None" group. Its syntax is None(<<Local computer
    > > name>>\None).
    > >
    > > How can I keep this from happening? No matter how many times I try to
    > > add Domain users to an object, it always changes to the None group.
    > >
    > > Thanks,
    > >
    > > --CW
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    You certainly don't want to have computers with the same sid. SysInternals explains
    this and how to remedy it as shown in the link below.

    http://www.sysinternals.com/ntw2k/source/newsid.shtml
    http://www.sysinternals.com/ntw2k/freeware/psgetsid.shtml --- displays sids for a
    computer or local user

    The Event ID's. for 8021 and 8032 are usually caused by a master browser being
    multihomed. The fsmo pdc for the domain is usually the master domain browser and it
    is multihomed or used as a rras server [virtual adapter even if it has one nic] you
    can get those errors and experience problems with the browse list.

    http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q135/4/04.asp&NoWebContent=1

    Any fatal error is not good with netdiag. Running netdiag /v may give more info and
    dcdiag should also be run on domain controllers. First thing to check is dns
    configuration in that domain controllers should point to the first domain controller
    in the domain [pdc fsmo] and themselves as second in the list of preferred dns
    servers in tcp/ip properties. Domain members need to point to only domain controllers
    for their dns and never an ISP dns server on any domain computer. Dns problems can
    result in the unresolved sids you are seeing if they are domain groups on a domain
    computer. Also ipsec policies [client/respond/request] that involve the domain
    controller can also cause networking problems in the domain. --- Steve

    "corn29@ no_spam excite.com" <corn29@excite.com> wrote in message
    news:216bf30e.0407300813.7a3ab8ed@posting.google.com...
    > I thought it was very curious behavior as well... especially with
    > regard to Domain Users "changing" to a local group. Local groups and
    > accounts are not allowed on our system by the security folks either.
    > At any rate, we're having some of the SID issues you mentioned below
    > as well. I'm starting to wonder is this comes from cloning/ghosting a
    > machine... at least that's when I see these problems raise their ugly
    > head. I did follow Q262958 (even though we're not getting any 1000 or
    > 1053 errors) without any success.
    >
    > So with all of this said, do you have any insight on how to clean up
    > the "bunch of numbers that are the unresolved sid for the group"?
    >
    > Oh, BTW netdiag /fix fails on the DC with "[FATAL] Failed to get
    > system information of this machine". I'm NOT getting any DNS errors
    > (only browser errors - 8021 & 8032). Any ideas?
    >
    > Thanks again!
    >
    > --CW
    >
    >
    > "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
    news:<wq_Nc.174849$a24.97243@attbi_s03>...
    > > That's a new one on me. I have never seen a "none" group. The syntax also
    suggests
    > > that "none" is a local computer group. Try giving "users" from the local computer
    > > permissions to see if that works. The local users group on a domain computer
    contains
    > > the domain users group. Usually a group does not disappear, but instead you will
    see
    > > a bunch of numbers that are the unresolved sid for the group.
    > >
    > > It would be a good idea to give that computer a full virus scan with virus
    > > definitions up to date as of today since you are having unexplained behavior.
    Also
    > > run netdiag on it looking for any failed tests that may indicate a problem with
    > > domain access such as failed test/errors for dns, dc discover, kerberos, and
    domain
    > > membership-secure channel. nediag is part of the support tools on the install
    cdrom
    > > in the support/tools folder where you will need to run the setup program
    here. ---
    > > Steve
    > >
    > >
    > > "corn29@ no_spam excite.com" <corn29@excite.com> wrote in message
    > > news:216bf30e.0407281358.670a3d20@posting.google.com...
    > > > Hello,
    > > >
    > > > Having a problem here with giving the group Domain Users rights to
    > > > objects. For example, I have a \bin\ folder. I right click on this
    > > > folder and select the Security tab. Then I click Add..., choose
    > > > Domain Users from the Entire Directory, and give the group full
    > > > control from the checkboxes.
    > > >
    > > > Here's where the problem starts. Members of Domain Users still aren't
    > > > getting the access they need to \...\bin\. If I go back and check the
    > > > security settings for that folder, there's no Domain Users listing.
    > > > In its place is a "None" group. Its syntax is None(<<Local computer
    > > > name>>\None).
    > > >
    > > > How can I keep this from happening? No matter how many times I try to
    > > > add Domain users to an object, it always changes to the None group.
    > > >
    > > > Thanks,
    > > >
    > > > --CW
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    Steve,

    Thanks for the help so far!!! I have another question based upon your
    last post. I have 2 DCs -- dc1 and dc2. dc1 and dc2 are both DNS
    servers and both are domain controllers (with dc1 being the fsmo pdc).
    dc1 is 10.10.0.10 and dc2 is 10.10.0.14. You wrote:

    > First thing to check is dns configuration in that domain controllers should
    > point to the first domain controller in the domain [pdc fsmo]
    > and themselves as second in the list of preferred dns.

    So in the case of dc1, are both the primary and seconday DNS addresses
    10.10.0.10 then?

    Thanks,

    --CW

    "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message news:<wixOc.60065$eM2.45212@attbi_s51>...
    > You certainly don't want to have computers with the same sid. SysInternals explains
    > this and how to remedy it as shown in the link below.
    >
    > http://www.sysinternals.com/ntw2k/source/newsid.shtml
    > http://www.sysinternals.com/ntw2k/freeware/psgetsid.shtml --- displays sids for a
    > computer or local user
    >
    > The Event ID's. for 8021 and 8032 are usually caused by a master browser being
    > multihomed. The fsmo pdc for the domain is usually the master domain browser and it
    > is multihomed or used as a rras server [virtual adapter even if it has one nic] you
    > can get those errors and experience problems with the browse list.
    >
    > http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q135/4/04.asp&NoWebContent=1
    >
    > Any fatal error is not good with netdiag. Running netdiag /v may give more info and
    > dcdiag should also be run on domain controllers. First thing to check is dns
    > configuration in that domain controllers should point to the first domain controller
    > in the domain [pdc fsmo] and themselves as second in the list of preferred dns
    > servers in tcp/ip properties. Domain members need to point to only domain controllers
    > for their dns and never an ISP dns server on any domain computer. Dns problems can
    > result in the unresolved sids you are seeing if they are domain groups on a domain
    > computer. Also ipsec policies [client/respond/request] that involve the domain
    > controller can also cause networking problems in the domain. --- Steve
    >
    > "corn29@ no_spam excite.com" <corn29@excite.com> wrote in message
    > news:216bf30e.0407300813.7a3ab8ed@posting.google.com...
    > > I thought it was very curious behavior as well... especially with
    > > regard to Domain Users "changing" to a local group. Local groups and
    > > accounts are not allowed on our system by the security folks either.
    > > At any rate, we're having some of the SID issues you mentioned below
    > > as well. I'm starting to wonder is this comes from cloning/ghosting a
    > > machine... at least that's when I see these problems raise their ugly
    > > head. I did follow Q262958 (even though we're not getting any 1000 or
    > > 1053 errors) without any success.
    > >
    > > So with all of this said, do you have any insight on how to clean up
    > > the "bunch of numbers that are the unresolved sid for the group"?
    > >
    > > Oh, BTW netdiag /fix fails on the DC with "[FATAL] Failed to get
    > > system information of this machine". I'm NOT getting any DNS errors
    > > (only browser errors - 8021 & 8032). Any ideas?
    > >
    > > Thanks again!
    > >
    > > --CW
    > >
    > >
    > > "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
    > news:<wq_Nc.174849$a24.97243@attbi_s03>...
    > > > That's a new one on me. I have never seen a "none" group. The syntax also
    > suggests
    > > > that "none" is a local computer group. Try giving "users" from the local computer
    > > > permissions to see if that works. The local users group on a domain computer
    > contains
    > > > the domain users group. Usually a group does not disappear, but instead you will
    > see
    > > > a bunch of numbers that are the unresolved sid for the group.
    > > >
    > > > It would be a good idea to give that computer a full virus scan with virus
    > > > definitions up to date as of today since you are having unexplained behavior.
    > Also
    > > > run netdiag on it looking for any failed tests that may indicate a problem with
    > > > domain access such as failed test/errors for dns, dc discover, kerberos, and
    > domain
    > > > membership-secure channel. nediag is part of the support tools on the install
    > cdrom
    > > > in the support/tools folder where you will need to run the setup program
    > here. ---
    > > > Steve
    > > >
    > > >
    > > > "corn29@ no_spam excite.com" <corn29@excite.com> wrote in message
    > > > news:216bf30e.0407281358.670a3d20@posting.google.com...
    > > > > Hello,
    > > > >
    > > > > Having a problem here with giving the group Domain Users rights to
    > > > > objects. For example, I have a \bin\ folder. I right click on this
    > > > > folder and select the Security tab. Then I click Add..., choose
    > > > > Domain Users from the Entire Directory, and give the group full
    > > > > control from the checkboxes.
    > > > >
    > > > > Here's where the problem starts. Members of Domain Users still aren't
    > > > > getting the access they need to \...\bin\. If I go back and check the
    > > > > security settings for that folder, there's no Domain Users listing.
    > > > > In its place is a "None" group. Its syntax is None(<<Local computer
    > > > > name>>\None).
    > > > >
    > > > > How can I keep this from happening? No matter how many times I try to
    > > > > add Domain users to an object, it always changes to the None group.
    > > > >
    > > > > Thanks,
    > > > >
    > > > > --CW
  5. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi CW.

    See the link below for explaination. The first dc can point just to itself as the
    primary only. --- Steve

    http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382

    "corn29@ no_spam excite.com" <corn29@excite.com> wrote in message
    news:216bf30e.0408020937.695d809e@posting.google.com...
    > Steve,
    >
    > Thanks for the help so far!!! I have another question based upon your
    > last post. I have 2 DCs -- dc1 and dc2. dc1 and dc2 are both DNS
    > servers and both are domain controllers (with dc1 being the fsmo pdc).
    > dc1 is 10.10.0.10 and dc2 is 10.10.0.14. You wrote:
    >
    > > First thing to check is dns configuration in that domain controllers should
    > > point to the first domain controller in the domain [pdc fsmo]
    > > and themselves as second in the list of preferred dns.
    >
    > So in the case of dc1, are both the primary and seconday DNS addresses
    > 10.10.0.10 then?
    >
    > Thanks,
    >
    > --CW
    >
    > "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
    news:<wixOc.60065$eM2.45212@attbi_s51>...
    > > You certainly don't want to have computers with the same sid. SysInternals
    explains
    > > this and how to remedy it as shown in the link below.
    > >
    > > http://www.sysinternals.com/ntw2k/source/newsid.shtml
    > > http://www.sysinternals.com/ntw2k/freeware/psgetsid.shtml --- displays sids for
    a
    > > computer or local user
    > >
    > > The Event ID's. for 8021 and 8032 are usually caused by a master browser being
    > > multihomed. The fsmo pdc for the domain is usually the master domain browser and
    it
    > > is multihomed or used as a rras server [virtual adapter even if it has one nic]
    you
    > > can get those errors and experience problems with the browse list.
    > >
    > >
    http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q135/4/04.asp&NoWebContent=1
    > >
    > > Any fatal error is not good with netdiag. Running netdiag /v may give more info
    and
    > > dcdiag should also be run on domain controllers. First thing to check is dns
    > > configuration in that domain controllers should point to the first domain
    controller
    > > in the domain [pdc fsmo] and themselves as second in the list of preferred dns
    > > servers in tcp/ip properties. Domain members need to point to only domain
    controllers
    > > for their dns and never an ISP dns server on any domain computer. Dns problems
    can
    > > result in the unresolved sids you are seeing if they are domain groups on a
    domain
    > > computer. Also ipsec policies [client/respond/request] that involve the domain
    > > controller can also cause networking problems in the domain. --- Steve
    > >
    > > "corn29@ no_spam excite.com" <corn29@excite.com> wrote in message
    > > news:216bf30e.0407300813.7a3ab8ed@posting.google.com...
    > > > I thought it was very curious behavior as well... especially with
    > > > regard to Domain Users "changing" to a local group. Local groups and
    > > > accounts are not allowed on our system by the security folks either.
    > > > At any rate, we're having some of the SID issues you mentioned below
    > > > as well. I'm starting to wonder is this comes from cloning/ghosting a
    > > > machine... at least that's when I see these problems raise their ugly
    > > > head. I did follow Q262958 (even though we're not getting any 1000 or
    > > > 1053 errors) without any success.
    > > >
    > > > So with all of this said, do you have any insight on how to clean up
    > > > the "bunch of numbers that are the unresolved sid for the group"?
    > > >
    > > > Oh, BTW netdiag /fix fails on the DC with "[FATAL] Failed to get
    > > > system information of this machine". I'm NOT getting any DNS errors
    > > > (only browser errors - 8021 & 8032). Any ideas?
    > > >
    > > > Thanks again!
    > > >
    > > > --CW
    > > >
    > > >
    > > > "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
    > > news:<wq_Nc.174849$a24.97243@attbi_s03>...
    > > > > That's a new one on me. I have never seen a "none" group. The syntax also
    > > suggests
    > > > > that "none" is a local computer group. Try giving "users" from the local
    computer
    > > > > permissions to see if that works. The local users group on a domain computer
    > > contains
    > > > > the domain users group. Usually a group does not disappear, but instead you
    will
    > > see
    > > > > a bunch of numbers that are the unresolved sid for the group.
    > > > >
    > > > > It would be a good idea to give that computer a full virus scan with virus
    > > > > definitions up to date as of today since you are having unexplained behavior.
    > > Also
    > > > > run netdiag on it looking for any failed tests that may indicate a problem
    with
    > > > > domain access such as failed test/errors for dns, dc discover, kerberos, and
    > > domain
    > > > > membership-secure channel. nediag is part of the support tools on the install
    > > cdrom
    > > > > in the support/tools folder where you will need to run the setup program
    > > here. ---
    > > > > Steve
    > > > >
    > > > >
    > > > > "corn29@ no_spam excite.com" <corn29@excite.com> wrote in message
    > > > > news:216bf30e.0407281358.670a3d20@posting.google.com...
    > > > > > Hello,
    > > > > >
    > > > > > Having a problem here with giving the group Domain Users rights to
    > > > > > objects. For example, I have a \bin\ folder. I right click on this
    > > > > > folder and select the Security tab. Then I click Add..., choose
    > > > > > Domain Users from the Entire Directory, and give the group full
    > > > > > control from the checkboxes.
    > > > > >
    > > > > > Here's where the problem starts. Members of Domain Users still aren't
    > > > > > getting the access they need to \...\bin\. If I go back and check the
    > > > > > security settings for that folder, there's no Domain Users listing.
    > > > > > In its place is a "None" group. Its syntax is None(<<Local computer
    > > > > > name>>\None).
    > > > > >
    > > > > > How can I keep this from happening? No matter how many times I try to
    > > > > > add Domain users to an object, it always changes to the None group.
    > > > > >
    > > > > > Thanks,
    > > > > >
    > > > > > --CW
  6. Archived from groups: microsoft.public.win2000.security (More info?)

    Steve,

    Thanks for all your help... I did find out over the course of fixing
    this problem that for netdiag to work, the Remote Registry Service has
    to be enabled. I had it disabled based upon guidance from our
    security folks.

    Thanks,

    --CW

    "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message news:<XkxPc.235884$Oq2.5412@attbi_s52>...
    > Hi CW.
    >
    > See the link below for explaination. The first dc can point just to itself as the
    > primary only. --- Steve
    >
    > http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382
    >
    > "corn29@ no_spam excite.com" <corn29@excite.com> wrote in message
    > news:216bf30e.0408020937.695d809e@posting.google.com...
    > > Steve,
    > >
    > > Thanks for the help so far!!! I have another question based upon your
    > > last post. I have 2 DCs -- dc1 and dc2. dc1 and dc2 are both DNS
    > > servers and both are domain controllers (with dc1 being the fsmo pdc).
    > > dc1 is 10.10.0.10 and dc2 is 10.10.0.14. You wrote:
    > >
    > > > First thing to check is dns configuration in that domain controllers should
    > > > point to the first domain controller in the domain [pdc fsmo]
    > > > and themselves as second in the list of preferred dns.
    > >
    > > So in the case of dc1, are both the primary and seconday DNS addresses
    > > 10.10.0.10 then?
    > >
    > > Thanks,
    > >
    > > --CW
    > >
    > > "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
    > news:<wixOc.60065$eM2.45212@attbi_s51>...
    > > > You certainly don't want to have computers with the same sid. SysInternals
    > explains
    > > > this and how to remedy it as shown in the link below.
    > > >
    > > > http://www.sysinternals.com/ntw2k/source/newsid.shtml
    > > > http://www.sysinternals.com/ntw2k/freeware/psgetsid.shtml --- displays sids for
    > a
    > > > computer or local user
    > > >
    > > > The Event ID's. for 8021 and 8032 are usually caused by a master browser being
    > > > multihomed. The fsmo pdc for the domain is usually the master domain browser and
    > it
    > > > is multihomed or used as a rras server [virtual adapter even if it has one nic]
    > you
    > > > can get those errors and experience problems with the browse list.
    > > >
    > > >
    > http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q135/4/04.asp&NoWebContent=1
    > > >
    > > > Any fatal error is not good with netdiag. Running netdiag /v may give more info
    > and
    > > > dcdiag should also be run on domain controllers. First thing to check is dns
    > > > configuration in that domain controllers should point to the first domain
    > controller
    > > > in the domain [pdc fsmo] and themselves as second in the list of preferred dns
    > > > servers in tcp/ip properties. Domain members need to point to only domain
    > controllers
    > > > for their dns and never an ISP dns server on any domain computer. Dns problems
    > can
    > > > result in the unresolved sids you are seeing if they are domain groups on a
    > domain
    > > > computer. Also ipsec policies [client/respond/request] that involve the domain
    > > > controller can also cause networking problems in the domain. --- Steve
    > > >
    > > > "corn29@ no_spam excite.com" <corn29@excite.com> wrote in message
    > > > news:216bf30e.0407300813.7a3ab8ed@posting.google.com...
    > > > > I thought it was very curious behavior as well... especially with
    > > > > regard to Domain Users "changing" to a local group. Local groups and
    > > > > accounts are not allowed on our system by the security folks either.
    > > > > At any rate, we're having some of the SID issues you mentioned below
    > > > > as well. I'm starting to wonder is this comes from cloning/ghosting a
    > > > > machine... at least that's when I see these problems raise their ugly
    > > > > head. I did follow Q262958 (even though we're not getting any 1000 or
    > > > > 1053 errors) without any success.
    > > > >
    > > > > So with all of this said, do you have any insight on how to clean up
    > > > > the "bunch of numbers that are the unresolved sid for the group"?
    > > > >
    > > > > Oh, BTW netdiag /fix fails on the DC with "[FATAL] Failed to get
    > > > > system information of this machine". I'm NOT getting any DNS errors
    > > > > (only browser errors - 8021 & 8032). Any ideas?
    > > > >
    > > > > Thanks again!
    > > > >
    > > > > --CW
    > > > >
    > > > >
    > > > > "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
    > news:<wq_Nc.174849$a24.97243@attbi_s03>...
    > > > > > That's a new one on me. I have never seen a "none" group. The syntax also
    > suggests
    > > > > > that "none" is a local computer group. Try giving "users" from the local
    > computer
    > > > > > permissions to see if that works. The local users group on a domain computer
    > contains
    > > > > > the domain users group. Usually a group does not disappear, but instead you
    > will
    > see
    > > > > > a bunch of numbers that are the unresolved sid for the group.
    > > > > >
    > > > > > It would be a good idea to give that computer a full virus scan with virus
    > > > > > definitions up to date as of today since you are having unexplained behavior.
    > Also
    > > > > > run netdiag on it looking for any failed tests that may indicate a problem
    > with
    > > > > > domain access such as failed test/errors for dns, dc discover, kerberos, and
    > domain
    > > > > > membership-secure channel. nediag is part of the support tools on the install
    > cdrom
    > > > > > in the support/tools folder where you will need to run the setup program
    > here. ---
    > > > > > Steve
    > > > > >
    > > > > >
    > > > > > "corn29@ no_spam excite.com" <corn29@excite.com> wrote in message
    > > > > > news:216bf30e.0407281358.670a3d20@posting.google.com...
    > > > > > > Hello,
    > > > > > >
    > > > > > > Having a problem here with giving the group Domain Users rights to
    > > > > > > objects. For example, I have a \bin\ folder. I right click on this
    > > > > > > folder and select the Security tab. Then I click Add..., choose
    > > > > > > Domain Users from the Entire Directory, and give the group full
    > > > > > > control from the checkboxes.
    > > > > > >
    > > > > > > Here's where the problem starts. Members of Domain Users still aren't
    > > > > > > getting the access they need to \...\bin\. If I go back and check the
    > > > > > > security settings for that folder, there's no Domain Users listing.
    > > > > > > In its place is a "None" group. Its syntax is None(<<Local computer
    > > > > > > name>>\None).
    > > > > > >
    > > > > > > How can I keep this from happening? No matter how many times I try to
    > > > > > > add Domain users to an object, it always changes to the None group.
    > > > > > >
    > > > > > > Thanks,
    > > > > > >
    > > > > > > --CW
Ask a new question

Read More

Domain Security Microsoft Windows