Guest Jake Posted August 26, 2007 Posted August 26, 2007 Hi, Some (infrequent) users within our network use their own notebooks to log on to our w2003 domain controller to access their home folders, shared resources like common files and printers. At the same time they have files in their local computer user account's 'My Documents' folder which they need to access (and modify) when logged in as domain users. However when logged in to a domain thay cannot access this local account's files. Can someone here provide an elegant solution on how to painlessly gain access to local account file resources when being logged on to a domain? Preferrably via GPOs or a script.. Thanks for any comment Jake
Guest Mathieu CHATEAU Posted August 26, 2007 Posted August 26, 2007 Re: Domain users need access to local computer files Hello, For security reason, you shouldn't let them do this, but anyway it's not your question. By default, users can't access other users's profile. You have two way: Make their domain user account local administrator. That's not a real issue, they already have a local admin account. Modify NTFS permission. I would do the first as it's less dirty and doesn't make a hole in the security (the hole is already there). -- Cordialement, Mathieu CHATEAU http://lordoftheping.blogspot.com "Jake" <jake44@gmail.com> wrote in message news:Od9UT175HHA.5160@TK2MSFTNGP05.phx.gbl... > Hi, > Some (infrequent) users within our network use their own notebooks to log > on to our w2003 domain controller to access their home folders, shared > resources like common files and printers. > > At the same time they have files in their local computer user account's > 'My Documents' folder which they need to access (and modify) when logged > in as domain users. However when logged in to a domain thay cannot access > this local account's files. > > Can someone here provide an elegant solution on how to painlessly gain > access to local account file resources when being logged on to a domain? > Preferrably via GPOs or a script.. > > Thanks for any comment > > Jake
Guest Jake Posted August 26, 2007 Posted August 26, 2007 Re: Domain users need access to local computer files Mathieu CHATEAU skrev: > Hello, > > For security reason, you shouldn't let them do this, but anyway it's not > your question. > > By default, users can't access other users's profile. You have two way: > Make their domain user account local administrator. That's not a real > issue, they already have a local admin account. > Modify NTFS permission. Hi, Thanks for the tip. How do I automate that a group of domain users should get local administrator rights...? Jake
Guest Mathieu CHATEAU Posted August 26, 2007 Posted August 26, 2007 Re: Domain users need access to local computer files You may use restricted groups in GPO to make them members of local administrators group. If you have a few, it would be more simple to do it manually. Don't mis choose the restricted group (you have two type), choose the "make member". The other empty the local admins group before adding yours. as always, test your gpo in a test OU with test computer before -- Cordialement, Mathieu CHATEAU http://lordoftheping.blogspot.com "Jake" <jake44@gmail.com> wrote in message news:eRDTWi95HHA.5796@TK2MSFTNGP05.phx.gbl... > Mathieu CHATEAU skrev: >> Hello, >> >> For security reason, you shouldn't let them do this, but anyway it's not >> your question. >> >> By default, users can't access other users's profile. You have two way: >> Make their domain user account local administrator. That's not a real >> issue, they already have a local admin account. >> Modify NTFS permission. > > Hi, > > Thanks for the tip. > > How do I automate that a group of domain users should get local > administrator rights...? > > Jake
Guest Jake Posted August 26, 2007 Posted August 26, 2007 Re: Domain users need access to local computer files Mathieu CHATEAU skrev: > You may use restricted groups in GPO to make them members of local > administrators group. > > If you have a few, it would be more simple to do it manually. > > Don't mis choose the restricted group (you have two type), choose the > "make member". The other empty the local admins group before adding yours. > > as always, test your gpo in a test OU with test computer before > OK, will try. Where exactly do I find the 'Restricted groups' in the GPO hives...? Other issues I should be aware of...? regards Jake
Guest Mathieu CHATEAU Posted August 26, 2007 Posted August 26, 2007 Re: Domain users need access to local computer files In the computer configuration, windows settings, restricted groups -- Cordialement, Mathieu CHATEAU http://lordoftheping.blogspot.com "Jake" <jake44@gmail.com> wrote in message news:uslnqWC6HHA.1212@TK2MSFTNGP05.phx.gbl... > Mathieu CHATEAU skrev: >> You may use restricted groups in GPO to make them members of local >> administrators group. >> >> If you have a few, it would be more simple to do it manually. >> >> Don't mis choose the restricted group (you have two type), choose the >> "make member". The other empty the local admins group before adding >> yours. >> >> as always, test your gpo in a test OU with test computer before >> > > OK, will try. Where exactly do I find the 'Restricted groups' in the GPO > hives...? > > Other issues I should be aware of...? > > regards > > Jake
Recommended Posts