Configuring 2k3 server

[anderground]

hi

can i set group permissions on the server, which would apply to a folder that resides on a client pc ?

ex:

1) permission for a user who is trying to access some folder on the local pc which he is logged on

2) .... on some other local pc in the domain

in general, is there any difference in the approach if resources are on client pc's or on the server ?

[sc302 Veteran]

no. you can set what groups get what permissions on the pc as well as the server. it can be security or it can be file/folder level.

[anderground]

no. you can set what groups get what permissions on the pc as well as the server. it can be security or it can be file/folder level.

and how do i manage permissions on pc's resources (folders), locally or remotely on the server ?

is there a centralized management of share permissions of all computers in the domain ?

and also there could be a permission conflict between local admin and server admin regarding access of some local folder.

i mean local admin could grant access to a group whereas the server admin could deny it (if he could, in the first place), and vice versa.

which one takes precedence?

(as for ntfs /security/, i suppose i cannot change ntfs permissions of the local pc's from the server.)

[sc302 Veteran]

pcs are done at the pc level. you could always remote into the pc's. if you are an admin of the pc, doesn't matter if local admin or server admin (both are admins of the pc) yes they can control who has access to what. this is why you don't give a user admin rights over the pc and you also don't give a user the administrator password of anything (local or domain).

ntfs/share permissions are done at the server/pc/laptop/device you want to give access to. in otherwords, if I wanted to give you access to my pc I would have to be on my pc to do it. If i wanted to give you access to the server I would be on the server to do it. There is a reason you don't do shares on pc's, it is because you don't have as much control over them as you do the servers. Servers you know some dumbass isn't going to shut it down for whatever reason. Servers you know someone isn't going to muck up because they went out to a bad site on it. You don't share out pc's unless absolutely necessary. there is no reason for it. You make home drives on servers and redirect their documents and desktop to it, that way everything is backed up during your daily backup and aren't wasting time going over the network. There is a lot more to this than just setting up AD, it does require a little bit of thought and the abiltiy to have policies pushed down their throats without them knowing.

[anderground]

pcs are done at the pc level. you could always remote into the pc's. if you are an admin of the pc, doesn't matter if local admin or server admin (both are admins of the pc) yes they can control who has access to what. this is why you don't give a user admin rights over the pc and you also don't give a user the administrator password of anything (local or domain).

understood (Y)

i thought that dc admin has some centralized management of all shared folders of the domain.

so the admin just creates groups, and what that groups can do, must be specified locally (either on the server itself /if network folders reside on the server/, or on the pc's if they reside on client comps ?

edit:

ok, i didnt see your edited post.

its the answer to my question.

thanks

[anderground]

You don't share out pc's unless absolutely necessary. there is no reason for it.

got the point thanks.

you know, it takes some time to transform from workgroup to domain logic :)

[sc302 Veteran]

got the point thanks.

you know, it takes some time to transform from workgroup to domain logic :)

when you are ready to setup let me know. I will help you out/remote in and do it, you can learn how not to pigeon toe yourself. I don't know what you did on your test network, but it doesn't compute properly.

Really slow, and it is **** blocking you somewhere. I can go through your settings to see what they look like, it was really ugly. unless you are using a 10 base T hub (I know you aren't). or you are using home made patch cables and didn't crimp the casing into the end, leaving the wires exposed over an inch (they are already exposed about 1/2" in the end, which is all that should be exposed).

[anderground]

when you are ready to setup let me know. I will help you out/remote in and do it, you can learn how not to pigeon toe yourself. I don't know what you did on your test network, but it doesn't compute properly.

Really slow, and it is **** blocking you somewhere. I can go through your settings to see what they look like, it was really ugly. unless you are using a 10 base T hub (I know you aren't). or you are using home made patch cables and didn't crimp the casing into the end, leaving the wires exposed over an inch (they are already exposed about 1/2" in the end, which is all that should be exposed).

i have 100Mb (4 port) router and factory made cables, and on 2 of 3 machines i dont have any blocking software active, but i think the problem with remote apps is because my internet speed.

its 4M/256(upload) cable. :/

also, it could be due to some old dns servers. i have received addresses of a new pair of dns servers from my provider, so i'll set them and will see.

thanks for your offer. when it comes to real implementation in the firm, i'd appreciate any help.

[sc302 Veteran]

No the remote connection to the server and pcs were fine. It was the internal connection between them that sucked.

[anderground]

No the remote connection to the server and pcs were fine. It was the internal connection between them that sucked.

oh ok, maybe we could look at it tomorrow if you have time.

[sc302 Veteran]

Sure let me know when.

[anderground]

tomorrow, about this time.

(there's also another strange problem, since recently i have almost every link to click twice.

first click usually just starts loading process and stuck, then after second click the page gets loaded.)

[sc302 Veteran]

Probably be driving. But can try. Drving home now.