windows permissions
#1
Scooby Regular
Thread Starter
Join Date: Aug 2001
Location: wakefield
Posts: 2,082
right then...
if fred exists in domain A & B with identical username & password..
fred needs resource from server1 in domain B, share is set up with local group, local group has user from domain B in i...
it would appear that NTLM checks local machine for local user BUT NOT local group??
in other words I have to create a local user on the resource server otherwise it prompts for user authentication....
I want it to appear seamless to users until single domain logon in 2 months time.
ps - if you understand this you are a geek
shunty
#3
ahh, answered own question I think:
http://support.microsoft.com/?kbid=216970
so it's universal group needed in native mode.....
I thought I had done this before with no problems, this domain is in mixed mode.
"In a Native-mode domain, the Key Distribution Center (KDC) on the domain controller authenticating the user's logon request is responsible for adding the SIDs for global groups from the user's logon domain, locating and communicating with the GC to enumerate the universal groups the user is a member of, and adding the SIDs of those groups to the user's token. If the domain the computer resides in is in Native mode, any domain local groups from that domain of which the user is a member are added to the token. Lastly, any local groups from the local computer of which the user is a member are added to the token."
bu55er!!!
any way round this rather than creating local users on servers then ??
shunty