PC Review


Reply
Thread Tools Rate Thread

Access Denied in MMC DNS Snap-in

 
 
=?Utf-8?B?UGVyIFM=?=
Guest
Posts: n/a
 
      24th Nov 2003
Hi

I got a problem with read access to DNS. A regional Administrator that should have read access to two DNS servers (running on Windows 2000 SP3 Domain Controllers, both in same domain, same site, same DNS zones, both AD integrated and secondary) but it only works on one of the servers, he gets Access Denied when connecting to one of them. I have compared and found no differences in the security settings between the two servers
The permissions he got is read via membership in Authenticated users on the DNS server and read via Everyone on the AD integrated zone
When I (as Domain Admin) do the same it works

 
Reply With Quote
 
 
 
 
Ace Fekay [MVP]
Guest
Posts: n/a
 
      24th Nov 2003
Assuming he is logged on as the necessary user account from the domain, is
the account blocked by any specific denials on that machine?

Are the permissions you're talking about, since it;s an AD Integrated zone,
on the zone properties, security tab?

Were the permissions altered in ADSI Edit on that zone?

When opening the MMC, if he hits the shift button, rt-clicks on the shortcut
in Administrative tools, and logs on as someone else, does the problem still
occur?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

"Per S" <(E-Mail Removed)> wrote in message
news(E-Mail Removed)...
> Hi,
>
> I got a problem with read access to DNS. A regional Administrator that

should have read access to two DNS servers (running on Windows 2000 SP3
Domain Controllers, both in same domain, same site, same DNS zones, both AD
integrated and secondary) but it only works on one of the servers, he gets
Access Denied when connecting to one of them. I have compared and found no
differences in the security settings between the two servers.
> The permissions he got is read via membership in Authenticated users on

the DNS server and read via Everyone on the AD integrated zone.
> When I (as Domain Admin) do the same it works.
>



 
Reply With Quote
 
 
 
 
=?Utf-8?B?UGVyIFM=?=
Guest
Posts: n/a
 
      25th Nov 2003
He is loggeded on to the domain with nessesary account
There is no denials (that I can find)

Yes it is the security tab on the zone (and also on the DNS server object in MMC)

No the permissions has not been altered in ADSI edit on the zone

Have tested with 4 different account with the same pemissions (also with Run-as) but still same problem

It seems that he has enough permissions on the zone since he can read the same zone on the other server on site, I made a test account and got the same problem, when adding the account to DnsAdmins group (giving it write access) as a test, it works but this gives to mutch access, user should only have read.
 
Reply With Quote
 
Ace Fekay [MVP]
Guest
Posts: n/a
 
      25th Nov 2003
Not sure what to say here. Maybe you can grant the DnsAdmin for him and deny
write? Maybe someone else may have a better suggestion.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

"Per S" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> He is loggeded on to the domain with nessesary account.
> There is no denials (that I can find).
>
> Yes it is the security tab on the zone (and also on the DNS server object

in MMC).
>
> No the permissions has not been altered in ADSI edit on the zone.
>
> Have tested with 4 different account with the same pemissions (also with

Run-as) but still same problem.
>
> It seems that he has enough permissions on the zone since he can read the

same zone on the other server on site, I made a test account and got the
same problem, when adding the account to DnsAdmins group (giving it write
access) as a test, it works but this gives to mutch access, user should only
have read.


 
Reply With Quote
 
=?Utf-8?B?UGVyIFM=?=
Guest
Posts: n/a
 
      25th Nov 2003
I installed W2K SP4 ant it seems to work now.
 
Reply With Quote
 
Ace Fekay [MVP]
Guest
Posts: n/a
 
      25th Nov 2003
Sometimes we assume that the latest service packs are installed.
Glad that did it.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

"Per S" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I installed W2K SP4 ant it seems to work now.



 
Reply With Quote
 
 
 
Reply

Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Access denied ! Access Denied ! Access Denied! =?Utf-8?B?Y2hyaXNncnVudGxlZA==?= Windows Vista Administration 9 10th Jul 2006 05:04 PM
TV mmc 8.7 is working, mmc 8.8 and 8.9 does NOT work Ingosen ATI Video Cards 0 16th Feb 2004 11:01 AM
MMC Error when trying to start - MMC Error.jpg (0/1) Not Really Windows XP Performance 0 4th Nov 2003 02:44 PM
MMC 7.7 vs MMC 8.1 and beyond Fountainhead ATI Video Cards 1 29th Oct 2003 03:43 AM
Access denied in routing and remote access MMC Nick-V Microsoft Windows 2000 Networking 0 12th Sep 2003 12:03 PM


Features
 

Advertising
 

Newsgroups
 


All times are GMT +1. The time now is 04:17 AM.