Configuring 2k3 server

By anderground
in Microsoft (Windows)

 Share

Recommended Posts

Collaborator

anderground

Posted
  • Author
Posted

hi

can i set group permissions on the server, which would apply to a folder that resides on a client pc ?

ex:

1) permission for a user who is trying to access some folder on the local pc which he is logged on

2) .... on some other local pc in the domain

in general, is there any difference in the approach if resources are on client pc's or on the server ?

Collaborator

anderground

Posted
  • Author
Posted

no. you can set what groups get what permissions on the pc as well as the server. it can be security or it can be file/folder level.

and how do i manage permissions on pc's resources (folders), locally or remotely on the server ?

is there a centralized management of share permissions of all computers in the domain ?

and also there could be a permission conflict between local admin and server admin regarding access of some local folder.

i mean local admin could grant access to a group whereas the server admin could deny it (if he could, in the first place), and vice versa.

which one takes precedence?

(as for ntfs /security/, i suppose i cannot change ntfs permissions of the local pc's from the server.)

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted

pcs are done at the pc level. you could always remote into the pc's. if you are an admin of the pc, doesn't matter if local admin or server admin (both are admins of the pc) yes they can control who has access to what. this is why you don't give a user admin rights over the pc and you also don't give a user the administrator password of anything (local or domain).

ntfs/share permissions are done at the server/pc/laptop/device you want to give access to. in otherwords, if I wanted to give you access to my pc I would have to be on my pc to do it. If i wanted to give you access to the server I would be on the server to do it. There is a reason you don't do shares on pc's, it is because you don't have as much control over them as you do the servers. Servers you know some dumbass isn't going to shut it down for whatever reason. Servers you know someone isn't going to muck up because they went out to a bad site on it. You don't share out pc's unless absolutely necessary. there is no reason for it. You make home drives on servers and redirect their documents and desktop to it, that way everything is backed up during your daily backup and aren't wasting time going over the network. There is a lot more to this than just setting up AD, it does require a little bit of thought and the abiltiy to have policies pushed down their throats without them knowing.

Collaborator

anderground

Posted
  • Author
Posted

pcs are done at the pc level. you could always remote into the pc's. if you are an admin of the pc, doesn't matter if local admin or server admin (both are admins of the pc) yes they can control who has access to what. this is why you don't give a user admin rights over the pc and you also don't give a user the administrator password of anything (local or domain).

understood (Y)

i thought that dc admin has some centralized management of all shared folders of the domain.

so the admin just creates groups, and what that groups can do, must be specified locally (either on the server itself /if network folders reside on the server/, or on the pc's if they reside on client comps ?

edit:

ok, i didnt see your edited post.

its the answer to my question.

thanks

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted

got the point thanks.

you know, it takes some time to transform from workgroup to domain logic :)

when you are ready to setup let me know. I will help you out/remote in and do it, you can learn how not to pigeon toe yourself. I don't know what you did on your test network, but it doesn't compute properly.

Really slow, and it is **** blocking you somewhere. I can go through your settings to see what they look like, it was really ugly. unless you are using a 10 base T hub (I know you aren't). or you are using home made patch cables and didn't crimp the casing into the end, leaving the wires exposed over an inch (they are already exposed about 1/2" in the end, which is all that should be exposed).

Collaborator

anderground

Posted
  • Author
Posted

when you are ready to setup let me know. I will help you out/remote in and do it, you can learn how not to pigeon toe yourself. I don't know what you did on your test network, but it doesn't compute properly.

Really slow, and it is **** blocking you somewhere. I can go through your settings to see what they look like, it was really ugly. unless you are using a 10 base T hub (I know you aren't). or you are using home made patch cables and didn't crimp the casing into the end, leaving the wires exposed over an inch (they are already exposed about 1/2" in the end, which is all that should be exposed).

i have 100Mb (4 port) router and factory made cables, and on 2 of 3 machines i dont have any blocking software active, but i think the problem with remote apps is because my internet speed.

its 4M/256(upload) cable. :/

also, it could be due to some old dns servers. i have received addresses of a new pair of dns servers from my provider, so i'll set them and will see.

thanks for your offer. when it comes to real implementation in the firm, i'd appreciate any help.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Microsoft explains how it made Teams so much faster in 2026

      By +virtorio · Posted

      I just started using Teams (and “New” Oiutlook) at work (instead of Slack) and both are truly abysmal pieces of software.
    • EU Commission explains why Siri AI isn't launching in the EU, and Apple is to blame

      By NEXXUS · Posted

      I'm actually on apples side for this
    • Phone Dilemma

      By +InsaneNutter · Posted

      If you are willing to go to approx $200, then as mentioned in your other thread I think a refurbished Pixel 8 will be a great deal that will last you for years. I recently recommended that to someone at work, he was on a strict £200 budget, which got him an excellent conditioned refurbished Pixel 8 here. He's since told me its the best phone he's ever had and feels its a massive upgrade over his old Samsung A series device. I don't know the sites which deal in refurbished devices in the US, however I’m sure you will have some options like we do here. Failing that Ebay is also quite good in my experience. If you wanted something a bit cheaper, then you could maybe go for an older Pixel 7, these will still get security updates until the end of 2027. Even after that you have good third party OS support from LineageOS. It doesn't have to be a Pixel though, you can buy many older devices for a good deal that would be better than a new $100 phone and flash LineageOS to them: https://wiki.lineageos.org/devices/
    • Microsoft is bringing big performance improvements to OneDrive on Mac

      By ad47uk · Posted

      I don't use one drive, but then I don't use any cloud storage, not even Icloud on my mac. If I did use cloud storage, then I would not use One drive, not because there is anything wrong with it, but because I can use Icloud. The only reason I see to use one drive is if your job requires you to have access to it
    • Microsoft is bringing big performance improvements to OneDrive on Mac

      By ad47uk · Posted

      Not built in, which is not a bad thing. There are ways of adding cloud storage to it, Dropbox is the most well know that also have a client for Linux, but there are others.

  • Popular Contributors

    1. 1
      +primortal
      495
    2. 2
      PsYcHoKiLLa
      206
    3. 3
      +Edouard
      153
    4. 4
      Steven P.
      85
    5. 5
      ATLien_0
      75
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!