Windows

Ok, try this.
On the new Member server, right-click My Computer -> Manage -> Local Users & Groups.
Expand Groups.
Double-click Administrators
See if Domain Admins for your AD domain are listed as Administrators (I am not sure on this, but I alsothink the Enterprise Admins group should be listed; I don't have a AD DC to check right now).
Basically, only an Administrator can access the C$ share. If the Member server is rejecting a logon to this share, then the user account you are using is NOT a member of the Administrators local group on that Member server.

hope this helps

Hi Joseph,

Thanks for your reply!
Right after I posted this question, I went into Active directory users and computers and right clicked the AD and check the default GPO for the domain, I selected to edit the default GPO and under "user rights and assignment" and then I removed whatever was there (It was late at night I don't remember what was there to begin with!.)

Anyway I then added the "everyone" group and Voila! it worked.
This morning I followed your suggestion and the Domain Admins are listed in the local group on the member server.

One more thing that I am confused about, I want to place on the member server some shares and finance apps that only the accountig Dept will have access to.

Do I need to add the global accounting group into the local group on the member server?

Should I leave the right to "access this computer from the network to the "Everyone group" or should I remove the Everyone group and just add the user or groups from the accounting dept only?

Thanks again Joseph!

What has actually happened at the point of joining your MEMBER server to the domain i take it that you had it in a workgroup environment (mydomain) Now! once added to the domain your DC has to refresh all policy`s to remove any records relating to the MEMBER server as being part of a workgroup (the default refresh rate for this is 90 minutes) im thinking that by the time you read this post you have sored this problem but anyway if you come accross this again all you have to do is ad the machineto the Domain and run this command secedit /refreshpolicy machine_policy /enforce


this will refresh all policy`s and remove anything relating to the added machine being part of a workgroupadn as default as long as your accessing any C$ on anymachine added to the domain you will need to be logged on as DOMAIN ADMIN because as default again only DOMAIN ADMIN has rights to access another machine`s C$ unless manually added to that machine.

I hope you understand this

any problems postback here!

Hi cul8rm8e,

Yes you are absolutely right, this morming I noticed that the "domain" option is not there anymore...What a relief I was so confused about this. The best thing of all is that thanks to your information now I know why this happens, soI won't be freaking out in the future...;-)

Thanks for your time!

JC

Answering your comments - you want to leave the Everyone group in the "Access this computer from the network" permissions, unless there is NOTHING on this computer that will ever need to be accessed by anyone other than the accounting group. I wouldn't do this, just because it might complicate your life later.

Permissions for shared resources such as files and folders are different from the local security policy permissions. File and folder permissions are NTFS permissions, which are controlled by the specific permissions settings you put in the security settings for the folder or file itself. Therefore, leaving the "access this computer" policy as is with the Everyone group enabled will not compromise your shared folder permissions at all. As long as you remove the Everyone group from the NTFS permissions for the folder(s) you are sharing, and add just the accounting group, domain admins and SYSTEM, you will be fine.

Hope this helps!

This question was closed by the author