User Rights

[Carl Hilton]

I have a user who I have given FULL control rights to her network folder.
She tells me she can not add permission for other folks to specific
subdirectories. I have propogated the FULL control to all her sub objects. I
have gone in to one of her sub folders and checked EFFECTIVE PERMISSIONS,
and she has full control... I have turned on Auditing and only note a
failure for her with:

Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 9/30/2004
Time: 1:49:31 PM
User: DOMAIN1\IBW
Computer: FILESSERVER
Description:
Object Open:
Object Server: Security
Object Type: File
Object Name: D:\Users\IBW\DataWork
Handle ID: -
Operation ID: {0,32716122}
Process ID: 4
Image File Name:
Primary User Name: FILESSERVER$
Primary Domain: SAD
Primary Logon ID: (0x0,0x3E7)
Client User Name: IBW
Client Domain: DOMAIN1
Client Logon ID: (0x0,0x1EFB976)
Accesses: ACCESS_SYS_SEC
ReadAttributes

Privileges: -
Restricted Sid Count: 0
Access Mask: 0x1000080


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

 

[Steven L Umbach]

I can't tell much from that Event ID. Usually there is a matching Event ID
562 by timestamp that may have more info. Try to make her owner also if she
is not already to see if that helps. --- Steve

 

[andy smart]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Carl Hilton wrote:
| I have a user who I have given FULL control rights to her network folder.
| She tells me she can not add permission for other folks to specific
| subdirectories. I have propogated the FULL control to all her sub
objects. I
| have gone in to one of her sub folders and checked EFFECTIVE PERMISSIONS,
| and she has full control... I have turned on Auditing and only note a
| failure for her with:
|
| Event Type: Failure Audit
| Event Source: Security
| Event Category: Object Access
| Event ID: 560
| Date: 9/30/2004
| Time: 1:49:31 PM
| User: DOMAIN1\IBW
| Computer: FILESSERVER
| Description:
| Object Open:
| Object Server: Security
| Object Type: File
| Object Name: D:\Users\IBW\DataWork
| Handle ID: -
| Operation ID: {0,32716122}
| Process ID: 4
| Image File Name:
| Primary User Name: FILESSERVER$
| Primary Domain: SAD
| Primary Logon ID: (0x0,0x3E7)
| Client User Name: IBW
| Client Domain: DOMAIN1
| Client Logon ID: (0x0,0x1EFB976)
| Accesses: ACCESS_SYS_SEC
| ReadAttributes
|
| Privileges: -
| Restricted Sid Count: 0
| Access Mask: 0x1000080
|
|
| For more information, see Help and Support Center at
| http://go.microsoft.com/fwlink/events.asp.
|
|
And you want a user controlling who has access rights on the network,
why? Exactly?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBYQAMqmlxlf41jHgRAn+eAJ4vZtGsO9X/oZWEsey8xby5NEjCWQCgtpF6
PRL3jul5+SpSn070fnu4I6Y=
=EvlP
-----END PGP SIGNATURE-----

 

[Carl Hilton]

I want them controlling THEIR folders NOT everyones'.

 

[andy smart]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Carl Hilton wrote:
| I want them controlling THEIR folders NOT everyones'.
|
|
|
| |
| Carl Hilton wrote:
| | I have a user who I have given FULL control rights to her network
|
|> folder.
|
| | She tells me she can not add permission for other folks to specific
| | subdirectories. I have propogated the FULL control to all her sub
| objects. I
| | have gone in to one of her sub folders and checked EFFECTIVE
|
|> PERMISSIONS,
|
| | and she has full control... I have turned on Auditing and only note a
| | failure for her with:
| |
| | Event Type: Failure Audit
| | Event Source: Security
| | Event Category: Object Access
| | Event ID: 560
| | Date: 9/30/2004
| | Time: 1:49:31 PM
| | User: DOMAIN1\IBW
| | Computer: FILESSERVER
| | Description:
| | Object Open:
| | Object Server: Security
| | Object Type: File
| | Object Name: D:\Users\IBW\DataWork
| | Handle ID: -
| | Operation ID: {0,32716122}
| | Process ID: 4
| | Image File Name:
| | Primary User Name: FILESSERVER$
| | Primary Domain: SAD
| | Primary Logon ID: (0x0,0x3E7)
| | Client User Name: IBW
| | Client Domain: DOMAIN1
| | Client Logon ID: (0x0,0x1EFB976)
| | Accesses: ACCESS_SYS_SEC
| | ReadAttributes
| |
| | Privileges: -
| | Restricted Sid Count: 0
| | Access Mask: 0x1000080
| |
| |
| | For more information, see Help and Support Center at
| | http://go.microsoft.com/fwlink/events.asp.
| |
| |
| And you want a user controlling who has access rights on the network,
| why? Exactly?

I know, but what would worry me is to whom they are giving access, and
who will ultimaely manage (aka 'be responsible for' that access.

Does she need to provide access to people from within the organization?
The way we do things here is to create shared areas for access by people
with specific needs - and make people members or not as the need arises.
This doesnt' need a lot of tweaking and seems to work for us here.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBYTRKqmlxlf41jHgRAhwJAKCC2rGba1UEuaC89rGyPyM25VBFsgCfZaQy
65RNVVaGfTNMDoUphyAHdHs=
=XK9z
-----END PGP SIGNATURE-----