• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

Sign in to follow this  

Configuring 2k3 server

Recommended Posts

anderground    0

hi

can i set group permissions on the server, which would apply to a folder that resides on a client pc ?

ex:

1) permission for a user who is trying to access some folder on the local pc which he is logged on

2) .... on some other local pc in the domain

in general, is there any difference in the approach if resources are on client pc's or on the server ?

Share this post


Link to post
Share on other sites
sc302    1,723

no. you can set what groups get what permissions on the pc as well as the server. it can be security or it can be file/folder level.

Share this post


Link to post
Share on other sites
anderground    0

no. you can set what groups get what permissions on the pc as well as the server. it can be security or it can be file/folder level.

and how do i manage permissions on pc's resources (folders), locally or remotely on the server ?

is there a centralized management of share permissions of all computers in the domain ?

and also there could be a permission conflict between local admin and server admin regarding access of some local folder.

i mean local admin could grant access to a group whereas the server admin could deny it (if he could, in the first place), and vice versa.

which one takes precedence?

(as for ntfs /security/, i suppose i cannot change ntfs permissions of the local pc's from the server.)

Share this post


Link to post
Share on other sites
sc302    1,723

pcs are done at the pc level. you could always remote into the pc's. if you are an admin of the pc, doesn't matter if local admin or server admin (both are admins of the pc) yes they can control who has access to what. this is why you don't give a user admin rights over the pc and you also don't give a user the administrator password of anything (local or domain).

ntfs/share permissions are done at the server/pc/laptop/device you want to give access to. in otherwords, if I wanted to give you access to my pc I would have to be on my pc to do it. If i wanted to give you access to the server I would be on the server to do it. There is a reason you don't do shares on pc's, it is because you don't have as much control over them as you do the servers. Servers you know some dumbass isn't going to shut it down for whatever reason. Servers you know someone isn't going to muck up because they went out to a bad site on it. You don't share out pc's unless absolutely necessary. there is no reason for it. You make home drives on servers and redirect their documents and desktop to it, that way everything is backed up during your daily backup and aren't wasting time going over the network. There is a lot more to this than just setting up AD, it does require a little bit of thought and the abiltiy to have policies pushed down their throats without them knowing.

Share this post


Link to post
Share on other sites
anderground    0

pcs are done at the pc level. you could always remote into the pc's. if you are an admin of the pc, doesn't matter if local admin or server admin (both are admins of the pc) yes they can control who has access to what. this is why you don't give a user admin rights over the pc and you also don't give a user the administrator password of anything (local or domain).

understood (Y)

i thought that dc admin has some centralized management of all shared folders of the domain.

so the admin just creates groups, and what that groups can do, must be specified locally (either on the server itself /if network folders reside on the server/, or on the pc's if they reside on client comps ?

edit:

ok, i didnt see your edited post.

its the answer to my question.

thanks

Share this post


Link to post
Share on other sites
anderground    0
You don't share out pc's unless absolutely necessary. there is no reason for it.

got the point thanks.

you know, it takes some time to transform from workgroup to domain logic :)

Share this post


Link to post
Share on other sites
sc302    1,723

got the point thanks.

you know, it takes some time to transform from workgroup to domain logic :)

when you are ready to setup let me know. I will help you out/remote in and do it, you can learn how not to pigeon toe yourself. I don't know what you did on your test network, but it doesn't compute properly.

Really slow, and it is **** blocking you somewhere. I can go through your settings to see what they look like, it was really ugly. unless you are using a 10 base T hub (I know you aren't). or you are using home made patch cables and didn't crimp the casing into the end, leaving the wires exposed over an inch (they are already exposed about 1/2" in the end, which is all that should be exposed).

Share this post


Link to post
Share on other sites
anderground    0

when you are ready to setup let me know. I will help you out/remote in and do it, you can learn how not to pigeon toe yourself. I don't know what you did on your test network, but it doesn't compute properly.

Really slow, and it is **** blocking you somewhere. I can go through your settings to see what they look like, it was really ugly. unless you are using a 10 base T hub (I know you aren't). or you are using home made patch cables and didn't crimp the casing into the end, leaving the wires exposed over an inch (they are already exposed about 1/2" in the end, which is all that should be exposed).

i have 100Mb (4 port) router and factory made cables, and on 2 of 3 machines i dont have any blocking software active, but i think the problem with remote apps is because my internet speed.

its 4M/256(upload) cable. :/

also, it could be due to some old dns servers. i have received addresses of a new pair of dns servers from my provider, so i'll set them and will see.

thanks for your offer. when it comes to real implementation in the firm, i'd appreciate any help.

Share this post


Link to post
Share on other sites
sc302    1,723

No the remote connection to the server and pcs were fine. It was the internal connection between them that sucked.

Share this post


Link to post
Share on other sites
anderground    0

No the remote connection to the server and pcs were fine. It was the internal connection between them that sucked.

oh ok, maybe we could look at it tomorrow if you have time.

Share this post


Link to post
Share on other sites
sc302    1,723

Sure let me know when.

Share this post


Link to post
Share on other sites
anderground    0

tomorrow, about this time.

(there's also another strange problem, since recently i have almost every link to click twice.

first click usually just starts loading process and stuck, then after second click the page gets loaded.)

Share this post


Link to post
Share on other sites
sc302    1,723

Probably be driving. But can try. Drving home now.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.