General discussion

  • Creator
    Topic
  • #2276587

    User rights becoming a Headache

    Locked

    by rapell ·

    Am the systems admin of a WinNT 4 domain amd at the software we run is on a files server. Now, clients are windows 98 and windows 2000, but am having trouble mapping drives as a user. Everytime i map the drive as Admin then the user logs on using their credentials, the network drive becomes unavailable or denies access. I dont want to increase their rights for that drive only as it contains other sensitive info, I have now given all users admin rights so they can reconnect at logon, since its a small domain and most of them are advanced PC users so am not so scared of dangerous deletions, but am feeling weak, am supposed to be the only god here-in charge. How can I reduce their rights but keep the mapping accessible when they logon? and they need this drive since equinox is based on it and environment variables have been cfgd to point to that drive. Thank you.

All Comments

  • Author
    Replies
    • #3295394

      NT 4.0 Huh ?

      by cogtek ·

      In reply to User rights becoming a Headache

      You have come upon an age old problem with Administering a Microsoft Domain.

      It is called cumulative rights syndrome.
      CRM is the result of having rights applied to a Share as well as NTFS rights applied to the same Directory.
      Microsoft “combines” these rights and allows for the most restrictive.
      In other words, if you setup a directory with NTFS rights for Domain Users set to “Full Access” And you limit the Share to Everyone “Read Access” Guess what? Everybody can see the folder but nobody can save to it.

      What I usually do, is to create the folder.
      Share the Folder. (Sharing Tab in Properties)
      Set the Share Rights to allow Everyone “Full Access”
      Then use NTFS rights to “lock down” the directory. (Security Tab in Properties)

      Understanding the Security Rights in NTFS can be a lesson in itself.

      • #3295214

        Thanks mate

        by rapell ·

        In reply to NT 4.0 Huh ?

        Well well well, what do you know, and if I had known it was that simple. Thanks alot, i have tested this on one user and the drive is available at logon, which solves my problem. I am now going to trim some wings…..

      • #3295152

        Re: NT 4.0 Huh

        by jermaine.oldham@tempurped ·

        In reply to NT 4.0 Huh ?

        Great advice, I can tell you understand your NTFS permissions!

        Jermaine C. Oldham

    • #3295153

      Re: user rights

      by jermaine.oldham@tempurped ·

      In reply to User rights becoming a Headache

      I suggest you try downgrading each user’s rights to Power Users and see if they are able to connect. If that doesn’t work, just grant them local admin rights…they won’t be able to do too much damage, because on a domain level they are still bound by the security implications you make applicable to them…

      Jermaine C. Oldham

Viewing 1 reply thread