Share Folder Permission on xp in a 2003 domain

J

Josh Davis

Brought up a 2003 dc with AD. Users can log in ok
but are unable to share folders on the client side.
each user is a member of the domainusers group.

Where can I enable the sharing of folders. Is it
part of the users group profile or hidden in AD.

I looked in group policy but was unable to find it.

Thanks ... Josh.
 
P

ptwilliams

A normal user cannot create a share. The minimum requirement for this is to
be a member of the (local) power users group. This is one of the few
things, I believe, that cannot be delegated.

For information on adding users to the power users group of local PCs,
please refer to the following article:
-- http://www.msresource.net/content/view/45/47/
 
J

Josh Davis

Paul this can be delegated via group policy. I found a way.

The main problem is that by default there is no power users group
on the DC side if this existed things would be easier right out of
the box to implement.

GP setting to allow xp user to create shared folders.

LOCAL POLICIES "User Rights Assignments" from new gpmc snap in.
"Computer configuration"

permissions needed

Access the computer from the network
Act as part of the operating system
Add workstations to domain "Can be disabled later on "
Allow log on locally
Backup files and directories
change the system time
create a pagefile
create a token object
create global objects
create permenant shared objects
log on as a service
perform volume maintenance tasks
Manage auditing and security log
restore files and directories
shutdown the system
synch directory service data
take ownership of files and other objects.

I created a new OU put the user in the ou, created a gp called power
users based on the above, ran gpupdate on dc and client. By default
all user accounts are a member of the domain users group.

default domain policy at root of tree is as follows.

LOCAL POLICIES "User Rights Assignments"

Access the computer from the network

Administrators/ Authenticated users /
Domain Admins / Domain Users

Act as part of the operating system
"As above"

Allow Log on locally
"As above"

Create permenatnt shared objects
"As above"

All others are default "Not Defined"

I would be interested what you think on this

Thanks Josh...
 
P

ptwilliams

I would be interested what you think on this

Funnily enough, I stumbled across this option today. I would say that's the
answer to your question!

Well done!
 
R

rodrigo.cobas

If you really really need your users to be power users I'd choose to
use restricted groups to make Domain Users member of the local Power
Users group on the workstations instead of granting them all those user
rights that could pose a big security threat.



Josh Davis ha escrito:
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Problem in assigning permissions to shared folder for a user in parent domain 0
2003 server in a NT4 Domain. 17
Help needed in creating roaming Profiles in AD 2
File Sharing over the network (domain) 3
Creating home folders for existing users... 2
Cannot access shared folder 1
Roaming Profiles and Redirected Folders Inconsistent 5
Simple Active Directory Directory Sharing Problem 1

Top