Actually pc1 and server1 are both at Windows 2003 Server R2 with Service Pack 2. The domain is a functional 2003 domain level.

While I actually disagree with the method here (I don't think a local user of one server or computer should be granted rights to a folder on yet another computer rather than a domain member), I agree it _should_ function. I'm told it has functioned until Friday afternoon. The last time I approved and applied any MS updates was last Monday. We run a fairly clean environment as it's only 20 servers and 400 or so desktops, so it's fairly easy to manage IF they are all relatively similar to each other, so we try to keep them that way.

Pc1 is a web server with NO file/Print ports open, server1 is a file share with NO web ports open. Neither is a domain controller. There are no ports blocked between the two computers and the domain controllers though; the servers are all on the same switch.

Thanks for taking an interest! This one has me going mad. "mad I tell ya!"

-----Original Message-----
From: Erik Goldoff [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 23, 2008 2:48 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

Strange... What level AD are you running (2000, 2003?), and what OS for the PC1 desktop (2000, XP, Vista)? You got me curious now, gotta try this in a lab or VM environment to see.

-----Original Message-----
From: Stephen Wimberly [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 23, 2008 2:34 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

I don't see where anything has changed on pc1, and I've tried this with several computers and I'm not seeing any difference. Maybe a needed service on pc1 or server1 has been disabled or corrupted?

-----Original Message-----
From: Erik Goldoff [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 23, 2008 1:47 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

Well, if the PC1 is a member of the domain computers and you're a domain administrator then you *should* be able to enumerate the local PC users & Groups.

Can you login locally to PC1 to check users and groups to see if anything has been changed or deleted?

-----Original Message-----
From: Stephen Wimberly [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 23, 2008 1:20 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

If I follow you, you're saying create a group at the domain level and add a user from a workstation into the domain group? I already have a group that has access for other reasons; when I attempt to add \\pc1\user I get name is not valid. I could add the computer object, \\pc1, but the application is not using the system account. I don't know how to add a local machine user to a domain group.

-----Original Message-----
From: Erik Goldoff [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 23, 2008 1:03 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

Hmmmm, could you not just make a group that has the required rights to the share, and then explicitly add the local user from PC1 to the group?

-----Original Message-----
From: Stephen Wimberly [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 23, 2008 12:58 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

I have been able to duplicate the 'problem' so here is a more detailed "user" issue:

I am also a member of Domain Admins and Enterprise Admins in our forest. We have a simple forest with only one domain. When I log into \\pc1 with full rights, I map a drive to \\SERVER1\Share and right click "folder1" to gain properties, I can click ADD to add a user or group to the security rights list, and then click on LOCATIONS to pick users from a specific location. In the results I see the server hosting the share, SERVER1, and the AD structure. NOT the local \\pc1 as a choice. I am told that I should see the local computer as a choice and be able to select users that are local to the local computer. Is that correct?

The account in question is the IUSR_pc1, which is a web user that needs to write code to the file share.

-----Original Message-----
From: Erik Goldoff [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 23, 2008 12:45 PM
To: NT System Admin Issues
Subject: RE: Can \\pc1\user has rights to \\pc2\share\folder1?

Are you *sure* the user is part of the local PC1 security and NOT part of the Domain logging in from PC1?

-----Original Message-----
From: Stephen Wimberly [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 23, 2008 12:37 PM
To: NT System Admin Issues
Subject: Can \\pc1\user has rights to \\pc2\share\folder1?

If I am on a computer, call it "\\pc1", and map a drive to \\SERVER1\share, could I then right click a sub folder to the mapped drive, call it \\SERVER1\share\folder1, and look at the properties for the folder1, ADD a user or group and then click LOCATIONS to add local users from \\pc1, the computer I am locally logged into? Both SERVER1 and pc1 are in the same windows domain.

I have a coworker that tells me he has had this setup for years and Friday it suddenly stopped working, and now pc1 is no longer an option when clicking on LOCATIONS to add users or groups. He wants me to fix it so that \\pc1\user can have security rights to \\SERVER1\share\folder1.

How is SERVER1 going to know anything about a local user on a remote machine? Is this 'broken'?

~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~

No virus found in this incoming message.
Checked by AVG.
Version: 8.0.100 / Virus Database: 270.4.1/1514 - Release Date: 6/23/2008 7:17 AM
