IT Employment

General discussion

Gravatar
Locked

User rights becoming a Headache

By rapell ·
Am the systems admin of a WinNT 4 domain amd at the software we run is on a files server. Now, clients are windows 98 and windows 2000, but am having trouble mapping drives as a user. Everytime i map the drive as Admin then the user logs on using their credentials, the network drive becomes unavailable or denies access. I dont want to increase their rights for that drive only as it contains other sensitive info, I have now given all users admin rights so they can reconnect at logon, since its a small domain and most of them are advanced PC users so am not so scared of dangerous deletions, but am feeling weak, am supposed to be the only god here-in charge. How can I reduce their rights but keep the mapping accessible when they logon? and they need this drive since equinox is based on it and environment variables have been cfgd to point to that drive. Thank you.

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
+ Follow this Discussion ·
| Thread display: Collapse - | Expand +

All Comments

gravatar
Collapse -

NT 4.0 Huh ?

by cogtek In reply to User rights becoming a He ...

You have come upon an age old problem with Administering a Microsoft Domain.

It is called cumulative rights syndrome.
CRM is the result of having rights applied to a Share as well as NTFS rights applied to the same Directory.
Microsoft "combines" these rights and allows for the most restrictive.
In other words, if you setup a directory with NTFS rights for Domain Users set to "Full Access" And you limit the Share to Everyone "Read Access" Guess what? Everybody can see the folder but nobody can save to it.

What I usually do, is to create the folder.
Share the Folder. (Sharing Tab in Properties)
Set the Share Rights to allow Everyone "Full Access"
Then use NTFS rights to "lock down" the directory. (Security Tab in Properties)

Understanding the Security Rights in NTFS can be a lesson in itself.

gravatar
Collapse -

Thanks mate

by rapell In reply to NT 4.0 Huh ?

Well well well, what do you know, and if I had known it was that simple. Thanks alot, i have tested this on one user and the drive is available at logon, which solves my problem. I am now going to trim some wings.....

gravatar
Collapse -

Re: NT 4.0 Huh

by jermaine.oldham@tempurped In reply to NT 4.0 Huh ?

Great advice, I can tell you understand your NTFS permissions!


Jermaine C. Oldham

gravatar
Collapse -

Re: user rights

by jermaine.oldham@tempurped In reply to User rights becoming a He ...

I suggest you try downgrading each user's rights to Power Users and see if they are able to connect. If that doesn't work, just grant them local admin rights...they won't be able to do too much damage, because on a domain level they are still bound by the security implications you make applicable to them...


Jermaine C. Oldham

Back to IT Employment Forum
4 total posts (Page 1 of 1)  

Start or search

Related Discussions

Related Forums