User Rights

Archived from groups: microsoft.public.win2000.security (More info?)

I have a user who I have given FULL control rights to her network folder.
She tells me she can not add permission for other folks to specific
subdirectories. I have propogated the FULL control to all her sub objects. I
have gone in to one of her sub folders and checked EFFECTIVE PERMISSIONS,
and she has full control... I have turned on Auditing and only note a
failure for her with:

Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 9/30/2004
Time: 1:49:31 PM
User: DOMAIN1\IBW
Computer: FILESSERVER
Description:
Object Open:
Object Server: Security
Object Type: File
Object Name: D:\Users\IBW\DataWork
Handle ID: -
Operation ID: {0,32716122}
Process ID: 4
Image File Name:
Primary User Name: FILESSERVER$
Primary Domain: SAD
Primary Logon ID: (0x0,0x3E7)
Client User Name: IBW
Client Domain: DOMAIN1
Client Logon ID: (0x0,0x1EFB976)
Accesses: ACCESS_SYS_SEC
ReadAttributes

Privileges: -
Restricted Sid Count: 0
Access Mask: 0x1000080


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
4 answers Last reply
More about user rights
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    I can't tell much from that Event ID. Usually there is a matching Event ID
    562 by timestamp that may have more info. Try to make her owner also if she
    is not already to see if that helps. --- Steve


    "Carl Hilton" <someone@microsoft.com> wrote in message
    news:ukBH$mxpEHA.2604@TK2MSFTNGP10.phx.gbl...
    > I have a user who I have given FULL control rights to her network folder.
    > She tells me she can not add permission for other folks to specific
    > subdirectories. I have propogated the FULL control to all her sub objects.
    I
    > have gone in to one of her sub folders and checked EFFECTIVE PERMISSIONS,
    > and she has full control... I have turned on Auditing and only note a
    > failure for her with:
    >
    > Event Type: Failure Audit
    > Event Source: Security
    > Event Category: Object Access
    > Event ID: 560
    > Date: 9/30/2004
    > Time: 1:49:31 PM
    > User: DOMAIN1\IBW
    > Computer: FILESSERVER
    > Description:
    > Object Open:
    > Object Server: Security
    > Object Type: File
    > Object Name: D:\Users\IBW\DataWork
    > Handle ID: -
    > Operation ID: {0,32716122}
    > Process ID: 4
    > Image File Name:
    > Primary User Name: FILESSERVER$
    > Primary Domain: SAD
    > Primary Logon ID: (0x0,0x3E7)
    > Client User Name: IBW
    > Client Domain: DOMAIN1
    > Client Logon ID: (0x0,0x1EFB976)
    > Accesses: ACCESS_SYS_SEC
    > ReadAttributes
    >
    > Privileges: -
    > Restricted Sid Count: 0
    > Access Mask: 0x1000080
    >
    >
    > For more information, see Help and Support Center at
    > http://go.microsoft.com/fwlink/events.asp.
    >
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Carl Hilton wrote:
    | I have a user who I have given FULL control rights to her network folder.
    | She tells me she can not add permission for other folks to specific
    | subdirectories. I have propogated the FULL control to all her sub
    objects. I
    | have gone in to one of her sub folders and checked EFFECTIVE PERMISSIONS,
    | and she has full control... I have turned on Auditing and only note a
    | failure for her with:
    |
    | Event Type: Failure Audit
    | Event Source: Security
    | Event Category: Object Access
    | Event ID: 560
    | Date: 9/30/2004
    | Time: 1:49:31 PM
    | User: DOMAIN1\IBW
    | Computer: FILESSERVER
    | Description:
    | Object Open:
    | Object Server: Security
    | Object Type: File
    | Object Name: D:\Users\IBW\DataWork
    | Handle ID: -
    | Operation ID: {0,32716122}
    | Process ID: 4
    | Image File Name:
    | Primary User Name: FILESSERVER$
    | Primary Domain: SAD
    | Primary Logon ID: (0x0,0x3E7)
    | Client User Name: IBW
    | Client Domain: DOMAIN1
    | Client Logon ID: (0x0,0x1EFB976)
    | Accesses: ACCESS_SYS_SEC
    | ReadAttributes
    |
    | Privileges: -
    | Restricted Sid Count: 0
    | Access Mask: 0x1000080
    |
    |
    | For more information, see Help and Support Center at
    | http://go.microsoft.com/fwlink/events.asp.
    |
    |
    And you want a user controlling who has access rights on the network,
    why? Exactly? :-)
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.5 (MingW32)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iD8DBQFBYQAMqmlxlf41jHgRAn+eAJ4vZtGsO9X/oZWEsey8xby5NEjCWQCgtpF6
    PRL3jul5+SpSn070fnu4I6Y=
    =EvlP
    -----END PGP SIGNATURE-----
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    I want them controlling THEIR folders NOT everyones'.


    "andy smart" <anonymus@discussions.microsoft.com> wrote in message
    news:cjqv6b$30e$1@newsfeed.th.ifl.net...
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Carl Hilton wrote:
    > | I have a user who I have given FULL control rights to her network
    folder.
    > | She tells me she can not add permission for other folks to specific
    > | subdirectories. I have propogated the FULL control to all her sub
    > objects. I
    > | have gone in to one of her sub folders and checked EFFECTIVE
    PERMISSIONS,
    > | and she has full control... I have turned on Auditing and only note a
    > | failure for her with:
    > |
    > | Event Type: Failure Audit
    > | Event Source: Security
    > | Event Category: Object Access
    > | Event ID: 560
    > | Date: 9/30/2004
    > | Time: 1:49:31 PM
    > | User: DOMAIN1\IBW
    > | Computer: FILESSERVER
    > | Description:
    > | Object Open:
    > | Object Server: Security
    > | Object Type: File
    > | Object Name: D:\Users\IBW\DataWork
    > | Handle ID: -
    > | Operation ID: {0,32716122}
    > | Process ID: 4
    > | Image File Name:
    > | Primary User Name: FILESSERVER$
    > | Primary Domain: SAD
    > | Primary Logon ID: (0x0,0x3E7)
    > | Client User Name: IBW
    > | Client Domain: DOMAIN1
    > | Client Logon ID: (0x0,0x1EFB976)
    > | Accesses: ACCESS_SYS_SEC
    > | ReadAttributes
    > |
    > | Privileges: -
    > | Restricted Sid Count: 0
    > | Access Mask: 0x1000080
    > |
    > |
    > | For more information, see Help and Support Center at
    > | http://go.microsoft.com/fwlink/events.asp.
    > |
    > |
    > And you want a user controlling who has access rights on the network,
    > why? Exactly? :-)
    > -----BEGIN PGP SIGNATURE-----
    > Version: GnuPG v1.2.5 (MingW32)
    > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
    >
    > iD8DBQFBYQAMqmlxlf41jHgRAn+eAJ4vZtGsO9X/oZWEsey8xby5NEjCWQCgtpF6
    > PRL3jul5+SpSn070fnu4I6Y=
    > =EvlP
    > -----END PGP SIGNATURE-----
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Carl Hilton wrote:
    | I want them controlling THEIR folders NOT everyones'.
    |
    |
    |
    | "andy smart" <anonymus@discussions.microsoft.com> wrote in message
    | news:cjqv6b$30e$1@newsfeed.th.ifl.net...
    |
    | Carl Hilton wrote:
    | | I have a user who I have given FULL control rights to her network
    |
    |> folder.
    |
    | | She tells me she can not add permission for other folks to specific
    | | subdirectories. I have propogated the FULL control to all her sub
    | objects. I
    | | have gone in to one of her sub folders and checked EFFECTIVE
    |
    |> PERMISSIONS,
    |
    | | and she has full control... I have turned on Auditing and only note a
    | | failure for her with:
    | |
    | | Event Type: Failure Audit
    | | Event Source: Security
    | | Event Category: Object Access
    | | Event ID: 560
    | | Date: 9/30/2004
    | | Time: 1:49:31 PM
    | | User: DOMAIN1\IBW
    | | Computer: FILESSERVER
    | | Description:
    | | Object Open:
    | | Object Server: Security
    | | Object Type: File
    | | Object Name: D:\Users\IBW\DataWork
    | | Handle ID: -
    | | Operation ID: {0,32716122}
    | | Process ID: 4
    | | Image File Name:
    | | Primary User Name: FILESSERVER$
    | | Primary Domain: SAD
    | | Primary Logon ID: (0x0,0x3E7)
    | | Client User Name: IBW
    | | Client Domain: DOMAIN1
    | | Client Logon ID: (0x0,0x1EFB976)
    | | Accesses: ACCESS_SYS_SEC
    | | ReadAttributes
    | |
    | | Privileges: -
    | | Restricted Sid Count: 0
    | | Access Mask: 0x1000080
    | |
    | |
    | | For more information, see Help and Support Center at
    | | http://go.microsoft.com/fwlink/events.asp.
    | |
    | |
    | And you want a user controlling who has access rights on the network,
    | why? Exactly? :-)

    I know, but what would worry me is to whom they are giving access, and
    who will ultimaely manage (aka 'be responsible for' that access.

    Does she need to provide access to people from within the organization?
    The way we do things here is to create shared areas for access by people
    with specific needs - and make people members or not as the need arises.
    This doesnt' need a lot of tweaking and seems to work for us here.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.5 (MingW32)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iD8DBQFBYTRKqmlxlf41jHgRAhwJAKCC2rGba1UEuaC89rGyPyM25VBFsgCfZaQy
    65RNVVaGfTNMDoUphyAHdHs=
    =XK9z
    -----END PGP SIGNATURE-----
Ask a new question

Read More

Windows