Thomas --- you should
take care when entering Everyone now that you are running in Active
Directory.
This name is a
misnomer in regards to NT 4.0. It does not mean EVERYONE IN THE DOMAIN it
means EVERYONE (period). If you apply this group to anything for security
restrictions than anyone with access to the directory can manipulate that
resource. I believe the group you are looking for is the Domain Users
Group.
-----Original
Message-----
From: Barber,
Thomas [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07,
2002 1:29
PM
To:
[EMAIL PROTECTED]
Subject: [ActiveDir] No more Everyone
Group?
Currently, we’re running Windows
2K AD Native.
Recently, I wanted to add the
capability for all users to be able to use Exchange 2000 Webmail by typing in
their UPN ([EMAIL PROTECTED]).
Since I already had the Pre-Windows 2000 SAM Account property populated,
I populated the UPN with the same name, with the @domain.com after it.
This worked fine.
After this change, I have noticed
several things have occurred:
1. You can not add the
domain-based Everyone Group to a local group on a Windows 2000 or XP
client. We could do this before, but can not do this now.
Interestingly, you can still use the domain-based Everyone group for Folder
and File permissions.
2. Some of the permissions I had
set up for groups don’t seem to function anymore. Specifically, I
created a Computer Operators global group. This group could add/delete
computers to/from the domain; members of the group now get an access denied
message.
Has anyone experienced similar
issues? Could this be caused by Group Policies affecting users with UPNs
compared to users with only SAM account names?
-Tom
Barber
Systems
Manager
Alfred
State
College
Alfred,
NY
14802
(607)587-3558
