Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Same file permissions for every users in the same domain
Same file permissions for every users in the same domain [message #158934] Tue, 21 July 2009 12:59 Go to next message
Istvan  is currently offline Istvan
Messages: 1
Registered: July 2009
Junior Member
Hi All!

I need some help in the following problem:
At our company we have SBS 2003 installed as a domain controller.
On the client machines we are running Windows XP SP3s.

A 3rd party company installed and configured our server, and i guess we need
to change something in the Active Directory:

Once we add a new client into the domain, some restrictions are apply on it:
- user does not have write permission on his / her local drives
- can not read / edit registry
- some other restrictions, but now the above are the most frustrating ones.

Does anyone know where can i find solution for these?
Is it possible to restrict the above in the AD? Or the are in the GP?

Any help would be apreciated!

Regards,
Istvan
Re: Same file permissions for every users in the same domain [message #158938 is a reply to message #158934] Tue, 21 July 2009 13:54 Go to previous messageGo to next message
KevinJ.SBS  is currently offline KevinJ.SBS  United States
Messages: 653
Registered: July 2009
Senior Member
Istvan wrote:
> Hi All!
>
> I need some help in the following problem:
> At our company we have SBS 2003 installed as a domain controller.
> On the client machines we are running Windows XP SP3s.
>
> A 3rd party company installed and configured our server, and i guess
> we need to change something in the Active Directory:
>
> Once we add a new client into the domain, some restrictions are apply
> on it:
> - user does not have write permission on his / her local drives
> - can not read / edit registry
> - some other restrictions, but now the above are the most frustrating
> ones.
>
> Does anyone know where can i find solution for these?
> Is it possible to restrict the above in the AD? Or the are in the GP?
>
> Any help would be apreciated!
>
> Regards,
> Istvan

These 'restrictions' would be expected for a normal user logging into a
workstation and not being a workstation local administrator. The users would
need rights to the file system and rights to edit the registry. You could
resolve these by adding the user to the workstation local administrators
group - but a preferred method would be to only give them the permission
they need, not just everything.


You may want to post SBS specific questions to
microsoft.public.windows.server.sbs

--
/kj
Re: Same file permissions for every users in the same domain [message #158955 is a reply to message #158934] Tue, 21 July 2009 19:33 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Istvan,

That is normal behaviour when a computer joins a domain and domain users
logon to the computer. This belongs to security setup of the domain.

Normally domain users don't have the need to "play" around in the registry
or on the machines harddisk. For company data use network shares and folder
redirection, so you have a central place to store and of course backup data.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi All!
>
> I need some help in the following problem:
> At our company we have SBS 2003 installed as a domain controller.
> On the client machines we are running Windows XP SP3s.
> A 3rd party company installed and configured our server, and i guess
> we need to change something in the Active Directory:
>
> Once we add a new client into the domain, some restrictions are apply
> on it:
> - user does not have write permission on his / her local drives
> - can not read / edit registry
> - some other restrictions, but now the above are the most frustrating
> ones.
> Does anyone know where can i find solution for these? Is it possible
> to restrict the above in the AD? Or the are in the GP?
>
> Any help would be apreciated!
>
> Regards,
> Istvan
Re: Same file permissions for every users in the same domain [message #158969 is a reply to message #158934] Wed, 22 July 2009 08:21 Go to previous message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
A follow up to what others have stated
I doubt that users can't write to their local drive, it is probably they
can't write to locations within the system partition. Which is a good thing
and is part of the initial install. I would suggest you not allow users to
write locally but instead use the redirect of my documents so that all
important data that is saved is pointed to a common area for all users and
that datat is backed up and archived.
You don't want them messing with the registry, it is protected for a
number of reasons including malware and sabotage as well as protecting them
from themselves.

It sounds like you are new to IT and I would suggest you pull back and buy
yourself a book to help you understand business IT and not look at these
machines in the same manner you would if you were sitting at home on your
personal machine.

Check out Mark Minasi's books, in particular check out Mastering XP
http://www.amazon.com/exec/obidos/ASIN/0782141145/markminasi /

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Istvan" <Istvan@discussions.microsoft.com> wrote in message
news:57DA8AD9-BB27-4DD2-BC44-F16A88214699@microsoft.com...
> Hi All!
>
> I need some help in the following problem:
> At our company we have SBS 2003 installed as a domain controller.
> On the client machines we are running Windows XP SP3s.
>
> A 3rd party company installed and configured our server, and i guess we
> need
> to change something in the Active Directory:
>
> Once we add a new client into the domain, some restrictions are apply on
> it:
> - user does not have write permission on his / her local drives
> - can not read / edit registry
> - some other restrictions, but now the above are the most frustrating
> ones.
>
> Does anyone know where can i find solution for these?
> Is it possible to restrict the above in the AD? Or the are in the GP?
>
> Any help would be apreciated!
>
> Regards,
> Istvan
Previous Topic:Transitioning to Win2k8 AD - Adprep failing
Next Topic:Computer Objects
Goto Forum:
  


Current Time: Sat Oct 21 18:58:52 EDT 2017

Total time taken to generate the page: 0.04900 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software