Windows Server 2003: Log in as a domain user, but unable to set permissions for domain users
2014-01
Phil
I have a very simple network that has one domain controller (Win Server 2003) and one other computer that is part of the domain (also Win Server 2003). This other computer will allow me to log in as a domain user, but when I am trying to set permissions on some shared folders, it won't let me set permissions for domain users; only local users.
I have tried specifying the domain of the user like NETWORKDOMAIN\domainuser and [email protected], but neither work. When I click on the Locations button, the name of the domain is left out and it only shows me the name of the local computer.
I have been able to do this before; I can't think of anything that's different. Is there a way to fix this? Is there a better way of going about things?
Phil
Here's the answer to the same question on serverfault.com.
cdkMoose
I had a Windows Server 2003 machine running at home, along with my desktop which I use for development. Server went belly up, but since my desktop is reasonably powerful, I figured I would move the disk from the file server (it was OK) into my XP machine to keep all of the files. Disk comes up fine and shows all of the files. I have been getting access denied errors when trying to work with some of the files. When I display attributes in Explorer, none of them are marked Read-Only. When I view properties on the directories, the Read-Only checkbox is not checked, but has a green background(which I thought meant mixed usage for files in the directory). When I click on the checkbox to clear it and click Apply, the disk does some work and all looks well. However, I continue to get the Access Denied errors, the files still don't show any Read-Only attribute and the directory properties shows the green background again on the Read-Only checkbox. I did check the box which says to apply the change to the folder and all files /subfilders under it.
I am assuming that the issue relates to userids/permissions carried over from the Server install. So, why does it let me think I can change the attribute when I can't and how can I correct this problem so that the disk correctly recognizes the ids from XP?
cdkMoose
I never could make SubInACL do what I wanted. I found what turned out to be a surprisingly simple solution. When I copied the files to a different partition which I formatted on the XP machine, my problems were gone. I was able to process the files in any way I chose, including some of the files which were SQL Server data and log files. I was able to attach the db to the instance of SQL Server 2005 on the XP machine with no problems.
I can only guess that the file owenrship and permissions on those files were tied to IDs that XP had no knowledge of, so any attempts to modify that must have been blocked. I'm wondering of SubInACL wouldn't reassign because it couldn't identify who was being removed.
user24728
Unfortunately the useful tool takeown doesn't seem to be on XP (not that I can find). What you can do is get the SubInACL tool and run the commands.
subinacl /subdirectories X:\*.* /setowner=user subinacl /subdirectories X:\*.* /grant=user=F
Replacing user with your username and X:\ with the drive letter the disk is mapped to.
Obviously do this at your own risk :)
quack quixote
Have you tried taking ownership of the files? You'll need Administrator privileges.
From WinXP's explorer, browse to the root of the drive, right-click on a folder or file, select Properties. Go to the Security tab, click Advanced. Go to the Owner tab. It should display the item's current owner, then give you a list of owners you can change to. Select your user ID in the selection box, check the box for "Replace owner on subcontainers and objects", and click OK.
You can probably do this from the commandline with cacls or another command. Unfortunately, WinXP doesn't include a takeown.exe command like Vista and Win7.