endoftheline2
New member
- Local time
- 12:42 AM
- Messages
- 20
I have created a test domain with one server (windows server 2008r2) running active directory and dns, and one client that is in the domain(windows 7 enterprise)
I have created a new user, John Andrews, and added him to the Domain Admin [Global Group] and then Domain Admin's is a member of Administrators [Domain Local Group].
http://img94.imageshack.us/img94/5020/johnandrewspermissions.jpg
Now my understanding was that you in theory use the Global Groups for users, and the Domain Local groups for resources. So for example if your usinging the built in groups, you would assign your Admin users to the Domain Admins global group, and then any folder or object that had the Administrators domain local group in it's permissions, would be accessable to your Admins users, because Domain Admins is a member of the domain local group Administrators.
On the server, while logged in as John Andrews I then created a new 10GB partition, H:, to make as a file share. The permissions of this partition have the Administrators domain local group as a member with Full Control.
http://img195.imageshack.us/img195/5679/hsecproperties.jpg
I then created a new folder in this partition called LanAdmin. The folder creates fine, but then when I try to open it, I get a dialog that I do not have permission. When I check the Security permissions, it again says that I do not have the administrative permission, however I can still hit continue to view the permissions. And in the security list is the Administrators domain local group with Full control selected.
http://img193.imageshack.us/img193/6971/permissionsoflanadmin.jpg
I do not understand why I do not have permissions to this folder, even as I just created it. Am I not correct about how a user in the global group has access to resources of a domain local group that the users global group is a member of?
What am I missing here about how the permissions work?
I have created a new user, John Andrews, and added him to the Domain Admin [Global Group] and then Domain Admin's is a member of Administrators [Domain Local Group].
http://img94.imageshack.us/img94/5020/johnandrewspermissions.jpg
Now my understanding was that you in theory use the Global Groups for users, and the Domain Local groups for resources. So for example if your usinging the built in groups, you would assign your Admin users to the Domain Admins global group, and then any folder or object that had the Administrators domain local group in it's permissions, would be accessable to your Admins users, because Domain Admins is a member of the domain local group Administrators.
On the server, while logged in as John Andrews I then created a new 10GB partition, H:, to make as a file share. The permissions of this partition have the Administrators domain local group as a member with Full Control.
http://img195.imageshack.us/img195/5679/hsecproperties.jpg
I then created a new folder in this partition called LanAdmin. The folder creates fine, but then when I try to open it, I get a dialog that I do not have permission. When I check the Security permissions, it again says that I do not have the administrative permission, however I can still hit continue to view the permissions. And in the security list is the Administrators domain local group with Full control selected.
http://img193.imageshack.us/img193/6971/permissionsoflanadmin.jpg
I do not understand why I do not have permissions to this folder, even as I just created it. Am I not correct about how a user in the global group has access to resources of a domain local group that the users global group is a member of?
What am I missing here about how the permissions work?
My Computer
- OS
- Windows 7 Ultimate x64
- CPU
- Intel Core 2 Duo E6700 Conroe 2.66GHz LGA 775 65W Dual-Core
- Motherboard
- EVGA 122-CK-NF63-TR LGA 775 NVIDIA nForce 680i SLI ATX Intel
- Memory
- OCZ Platinum 4GB (2 x 2GB) DDR2 1066 OCZ2P10664GK
- Graphics Card(s)
- EVGA GeForce GTX 260 Core 216 896MB 448-bit
- Monitor(s) Displays
- Dell 24inch @ 1920*1200
- Screen Resolution
- 1920*1200
- Hard Drives
- Windows on 500GB
Data Drivers:
1TB
2TB
- PSU
- SILVERSTONE 750W ATX [4x +12V 18A Rails]
- Case
- Raidmax
- Cooling
- Zalman CNPS 9700
