Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Active directory for server 2000


  • Please log in to reply

#1
Bruinaholic

Bruinaholic

    Member

  • Member
  • PipPipPip
  • 162 posts
I am trying to get use to active directory to I have begun fooling around with it. What I am trying to do is add a user in AD users and computers which I did under users. I called it user1. I then want to set up an organizational unit to limit the user to only have read permissions and test it. How do I go about doing this please? I appreciate any help.
  • 0

Advertisements


#2
peterm

peterm

    Trusted Tech

  • Technician
  • 3,173 posts
With server 2000 & AD you tend to set permissions on the folders / programs as to who can access them and what access they have.
  • 0

#3
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
also...OU's (organizational units) are just that...units for organizations...you cannot assign permissions to OU's...you can assign group policy to them...but this doesn't effect file permissions...file permissions are easiest to control by making security groups within the AD structure for each required level of access...i.e you would make a group named accounting for the accounting department and one named purchasing for the purchasing department....then you would assign permissions in such a way that the purchasing group doesn't have access to accounting and the accounting group doesn't have access to purchasing etc...


p.s. i LOVE active directory...it's one of the funnest things i've ever worked with...can be easy or complex...depending on what you're doing
  • 0

#4
Bruinaholic

Bruinaholic

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts
Ok guys, like I said previously I am just fooling around but this is what I did so far. I have a domain called stooges. I created a group called accounting and added user10, user20 and user30 to it. I am trying to delegate control for accounting. This is what I've done so far I select "create a custom task to delegate", select next. select "only the following objects in the folder", select "group objects", select next. Under permissions I select "read", click next, click finish. I set this up just to see if I can edit a file and hoping it won't let me.

When I try to log on I get the following "the local policy of this system doesn't permit you to logon interactively" when I try logging in as user10. Why is this and how do I fix this so I can logon as user10, please? I appreciate any help.
  • 0

#5
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
ah...you're trying to log on to the SERVER as one of these users? that's not gonna work...well...without some modifications....by default in AD you can only log on to a domain controller as a member of the domain admins group...if you were logging on to another client machine that was joined to the domain...then the story would be different....for a user to be able to log on to the domain controller (like physically on that computer) you need to change the domain controller policies (start > programs > administrative tools > domain controller security policy) to state that these users can log on locally
  • 0

#6
Bruinaholic

Bruinaholic

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts
So if I want to control the way people or groups certain rights on a domain I have to use domain controller security policy or domain security policy. What is the purpose of AD then, please in 2000 server?
  • 0

#7
Bruinaholic

Bruinaholic

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts

ah...you're trying to log on to the SERVER as one of these users? that's not gonna work...well...without some modifications....by default in AD you can only log on to a domain controller as a member of the domain admins group...if you were logging on to another client machine that was joined to the domain...then the story would be different....for a user to be able to log on to the domain controller (like physically on that computer) you need to change the domain controller policies (start > programs > administrative tools > domain controller security policy) to state that these users can log on locally


I did what you said to do but when I try logging on locally I still get "the local policy of this system doesn't permit you to logon interactively" How do I fix this please?

TIA
  • 0

#8
Bruinaholic

Bruinaholic

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts
bump
  • 0

#9
Bruinaholic

Bruinaholic

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts
bump
  • 0

#10
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
please don't bump your topics...it's kind of annoying....
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP