Network shares could not be updated with additional access rights by standard users after migration

[Thorsten Zwicker]

Hello!

We changed our Windows server topology to AD 2000 by updating the PDC
(NT-Server). Because some NT Servers are still left, we are running in
compatibility modus with NT. During migration we changed our domain
name.

Before this migration, standard users could change/update access
rights to network file shares. (Owners of shares or enough rights). Now, if
a user is working on a PC with Win 2k, there is no possibility to
change access rights on a network file server. The domain access
control list is not available, only the local access control list (of
this server) is available. Administrators don't have this problem. If
a standard user is working on a NT-Machine - it is still possible.
These users can modify the access rights, with the new domain access
control list

The domain access control list for Win2k standard users is only
available on the local machine, where they are working. Here they can
create a network share with the new domain access control list.

Is this a bug or a security feature/ restriction of AD 2k? How can I
grant rights to standard win2k users to modify access rights on shared
folders on network file servers? What is really strange to me - with
NT they have sufficient rights.

Any ideas, thanks for help in advance.
Thorsten Zwicker

 

[Jim Campau]

Either set up a Trust between the two Domains or reassign rights to the new
accounts on the file server.

Bassically you are now dealing with 2 domains since you decided to create a
new Domain rather then migrate into a new Domain. You will find each user
account now has 2 SID numbers.