I have a network consisting of an NT Domain controller which authenticates
users. I also have a Windows 2000 server which runs the primary application
the company runs uses for accounting, order entry etc. I have just set up a
new employee PC on the network with Windows XP Pro SP2. I map a drive to the
Win2K server so this user can access the application. I have set full
control permissions for everyone on the server share that I have mapped from
the PC. BTY, the PC has been joined to the domain and the user logs onto the
domain when logging in. If I log in from the new user PC as the domain
administrator, I can access the application. BUT if I log in as the user,
the user is denied access to the application. I have even tried adding the
user to the administrators group. Any idea what I am missing. Has to be a
permissions issue on either the client side or the server side ... or maybe a
local policy???

Thanks!!
--
TR

"Leythos" > wrote in message
...
> In article >,
> says...
>> If I log in from the new user PC as the domain
>> administrator, I can access the application. BUT if I log in as the
>> user,
>> the user is denied access to the application. I have even tried adding
>> the
>> user to the administrators group. Any idea what I am missing. Has to be
>> a
>> permissions issue on either the client side or the server side ... or
>> maybe a
>> local policy???
>
> Open the LOCAL group, not on the domain, the one on the local computer,
> and make DOMAIN USERS part of the "local" administrators group. Keep in
> mind that this will give every domain account full administrator access
> on the local computer (not in the domain), then go back and remove the
> user from the servers DOMAIN Users Administrators group.
>
>
> --
> --
>
> (Remove 999 to reply to me)

If the share is on the server... local admin of PC won't help

"Tomr" > wrote in message
...
>I have a network consisting of an NT Domain controller which authenticates
> users. I also have a Windows 2000 server which runs the primary
> application
> the company runs uses for accounting, order entry etc. I have just set up
> a
> new employee PC on the network with Windows XP Pro SP2. I map a drive to
> the
> Win2K server so this user can access the application. I have set full
> control permissions for everyone on the server share that I have mapped
> from
> the PC. BTY, the PC has been joined to the domain and the user logs onto
> the
> domain when logging in. If I log in from the new user PC as the domain
> administrator, I can access the application. BUT if I log in as the user,
> the user is denied access to the application. I have even tried adding
> the
> user to the administrators group. Any idea what I am missing. Has to be
> a
> permissions issue on either the client side or the server side ... or
> maybe a
> local policy???
>
> Thanks!!
> --
> TR

Is the problem with the application, or with connecting to the share? i.e.
can the user access the share and read/write to files at that location?

You mentioned full control on the SHARE. What about the NTFS permissions on
the folder on the server (generally, the practice is to leave Share
permissions at the default and do your access controls through the
filesystem access control list)

Yes the user can access the share from their XP Pro PC. Can see all files.
I have I have checked to make sure read only attribute box is not checked.
When the SHARE was set, I clicked on the Permissions button and made sure
everyone had full control. To be honest, I'm not sure what you mean ...
(generally, the practice is to leave Share permissions at the default and do
your access controls through the filesystem access control list)

Thanks

Colin Nash [MVP]" wrote:

>
> "Tomr" > wrote in message
> ...
> >I have a network consisting of an NT Domain controller which authenticates
> > users. I also have a Windows 2000 server which runs the primary
> > application
> > the company runs uses for accounting, order entry etc. I have just set up
> > a
> > new employee PC on the network with Windows XP Pro SP2. I map a drive to
> > the
> > Win2K server so this user can access the application. I have set full
> > control permissions for everyone on the server share that I have mapped
> > from
> > the PC. BTY, the PC has been joined to the domain and the user logs onto
> > the
> > domain when logging in. If I log in from the new user PC as the domain
> > administrator, I can access the application. BUT if I log in as the user,
> > the user is denied access to the application. I have even tried adding
> > the
> > user to the administrators group. Any idea what I am missing. Has to be
> > a
> > permissions issue on either the client side or the server side ... or
> > maybe a
> > local policy???
> >
> > Thanks!!
> > --
> > TR
>
> Is the problem with the application, or with connecting to the share? i.e.
> can the user access the share and read/write to files at that location?
>
> You mentioned full control on the SHARE. What about the NTFS permissions on
> the folder on the server (generally, the practice is to leave Share
> permissions at the default and do your access controls through the
> filesystem access control list)
>
>
>
>

"Tomr" > wrote in message
...
> Yes the user can access the share from their XP Pro PC. Can see all
> files.
> I have I have checked to make sure read only attribute box is not checked.
> When the SHARE was set, I clicked on the Permissions button and made sure
> everyone had full control. To be honest, I'm not sure what you mean ...
> (generally, the practice is to leave Share permissions at the default and
> do
> your access controls through the filesystem access control list)
>
> Thanks
>
> Colin Nash [MVP]" wrote:
>


By filesystem (NTFS) permissions, I mean right clicking on the shared folder
and going to the permissions tab. However, if the user is able to go into
the share and access files then this is probably already OK.

What happens when the user tries to launch the app? What's the exact error
message and at what point does it occur?

Now, it is working. I have emailed their network person to find out if he
made any changes. He and I spoke this morning, but he has been aware of the
problem and did not have an answer. Maybe he did some more digging after we
spoke. I have emailed him. I'm very curious ... and will let you know when
I find out.

"Tomr" wrote:

> Yes the user can access the share from their XP Pro PC. Can see all files.
> I have I have checked to make sure read only attribute box is not checked.
> When the SHARE was set, I clicked on the Permissions button and made sure
> everyone had full control. To be honest, I'm not sure what you mean ...
> (generally, the practice is to leave Share permissions at the default and do
> your access controls through the filesystem access control list)
>
> Thanks
>
> Colin Nash [MVP]" wrote:
>
> >
> > "Tomr" > wrote in message
> > ...
> > >I have a network consisting of an NT Domain controller which authenticates
> > > users. I also have a Windows 2000 server which runs the primary
> > > application
> > > the company runs uses for accounting, order entry etc. I have just set up
> > > a
> > > new employee PC on the network with Windows XP Pro SP2. I map a drive to
> > > the
> > > Win2K server so this user can access the application. I have set full
> > > control permissions for everyone on the server share that I have mapped
> > > from
> > > the PC. BTY, the PC has been joined to the domain and the user logs onto
> > > the
> > > domain when logging in. If I log in from the new user PC as the domain
> > > administrator, I can access the application. BUT if I log in as the user,
> > > the user is denied access to the application. I have even tried adding
> > > the
> > > user to the administrators group. Any idea what I am missing. Has to be
> > > a
> > > permissions issue on either the client side or the server side ... or
> > > maybe a
> > > local policy???
> > >
> > > Thanks!!
> > > --
> > > TR
> >
> > Is the problem with the application, or with connecting to the share? i.e.
> > can the user access the share and read/write to files at that location?
> >
> > You mentioned full control on the SHARE. What about the NTFS permissions on
> > the folder on the server (generally, the practice is to leave Share
> > permissions at the default and do your access controls through the
> > filesystem access control list)
> >
> >
> >
> >