Trying to set permissions unsuccessfully

[Guest]

Hi guys.

I have a user on the domain that wants to make a share that only the domain
users can access. When trying to add users on the security tab (folder
properties window), the domain does not appear on the possible locations
list. I've tried this with the domain adminstrator account and I still can't
get it to work. Any ideas?

Thanks in advance

 

[Ron Lowe]

Hi guys.

I have a user on the domain that wants to make a share that only the
domain
users can access. When trying to add users on the security tab (folder
properties window), the domain does not appear on the possible locations
list. I've tried this with the domain adminstrator account and I still
can't
get it to work. Any ideas?

Thanks in advance

I'm assuming the machine is joined to the domain.
The usual cause of this is DNS mis-configuration.

Try to ping the Domain Controller by IP address,
NetBIOS name and FQDN, eg:

ping 192.168.0.200
ping yourdc
ping yourdc.yourdomain.com

( Obviously using your own names. )
The last one is crucial, it tests DNS.
If the Domain Controller is not contactable by DNS
then for sure this is the problem.

You can also try running netdiag.
See what errors it throws up:

To use the Netdiag tool, you must install the Microsoft Windows XP
Support Tools. To do so, follow these steps:

Note If you already have Support Tools installed, go to the second procedure
in this section.

1) Insert your Windows XP Setup CD, and then
locate the Support\Tools folder.
Double-click the Setup.exe file.
Follow the steps on the screen until you reach the
Select An Installation Type screen.
On the Select An Installation Type screen,
click Complete, and then click Next.

2)When the installation is complete, follow these steps:
Click Start, click Run, type Command, click OK.
Type netdiag, and then press ENTER.


Assuming DNS problems are confirmed,
Here's my usual lecture on the topic:

XP differs from previous versions of windows in that it uses
DNS as it's primary name resolution method for finding domain
controllers:

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;314861

If DNS is misconfigured, XP will spend a lot of time waiting for it to
timeout before it tries using legacy NT4 sytle NetBIOS.
( Which may or may not work. )

1) Ensure that the XP clients are all configured to point to the local
DNS server which hosts the AD domain. That will probably be the
win2k server itself.
They should NOT be pointing an an ISP's DNS server.
An 'ipconfig /all' on the XP box should reveal ONLY the domain's
DNS server.

( you should use the DHCP server to push out the local DNS server
address. )

2) Ensure DNS server on win2k is configured to permit dynamic updates.

3) Ensure the win2k server points to itself as a DNS server.

4) For external ( internet ) name resolution, specify your ISP's DNS server
not on the clients, but in the 'forwarders' tab of the local win2k DNS
server.

On the DNS server, if you cannot access the 'Forwarders' and 'Root Hints'
tabs because they are greyed out, that is because there is a root zone (".")
present on the DNS server. You MUST delete this root zone to permit the
server to forward unresolved queries to yout ISP or the root servers:

HOWTO: Remove the Root Zone (Dot Zone)
http://support.microsoft.com/default.aspx?kbid=298148

The following articles may assist you in setting up DNS correctly:

Setting Up the Domain Name System for Active Directory
http://support.microsoft.com/default.aspx?scid=kb;en-us;237675
HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;300202

 

[Lanwench [MVP - Exchange]]

Hi guys.

I have a user on the domain that wants to make a share that only the
domain users can access. When trying to add users on the security tab
(folder properties window), the domain does not appear on the
possible locations list. I've tried this with the domain adminstrator
account and I still can't get it to work. Any ideas?

Have you tried changing the "location" to the domain, then making sure
you're looking at users & groups on the domain, then choosing domain admins?
DOMAIN\Domain Administrators?

Also - why are you sharing anything on a workstation, if you have a domain?
I don't like anyone even storing data locally on a client/server network -
all data really belongs on the server. And I don't allow users to create
shares. What's your goal?

 

[Guest]

Have you tried changing the "location" to the domain, then making sure

you're looking at users & groups on the domain, then choosing domain admins?
DOMAIN\Domain Administrators?

Actually, I had tried that. That was when I realised that something was
missing

Also - why are you sharing anything on a workstation, if you have a domain?
I don't like anyone even storing data locally on a client/server network -
all data really belongs on the server. And I don't allow users to create
shares. What's your goal?

My goal is to let each person share their projects, although storing them
on the server would be a smarter choice, indeed!

 

[Lanwench [MVP - Exchange]]

Actually, I had tried that. That was when I realised that something
was missing

Are you not able to see the domain in your 'locations' at all? Could point
to DNS misconfiguration. All servers and workstations should specify *only*
the internal AD-integrated DNS server's IP address in their network
settings. The AD-integrated DNS server should be set up with forwarders to
your ISP's DNS servers for external resolution.

My goal is to let each person share their projects, although storing
them on the server would be a smarter choice, indeed!

Then move everything to the servers, and take away users' local admin
rights. Redirect My Documents to the network (home directory, usually). Use
login scripts. Use roaming profiles. If you keep everything on the server,
you can back it up and control security over it - also, you can
remove/replace/reinstall workstations at will with just a basic build.