Domain Controller Help!

Networking, Wireless Routers (802.11 a/b/g/n/ac/ax WiFi), NAT, LAN configuration, equipment, cabling, hubs, switches, and general network discussion
Post Reply
User avatar
chugger93
Regular Member
Posts: 150
Joined: Wed Aug 28, 2002 9:27 am
Location: MI

Domain Controller Help!

Post by chugger93 »

Ok I messed up something big time and I could use a hand.

I was in AD, and opened up Domain controllers container which contains the computer name of my domain controller (fileserver)

I was in it setting up permissions for RIS, and denied everything on the Authenticated Users, because I was testing something. I didnt think authenticted users would jack up the Administrator account! (stupid me)

Of course now, I cant click on the FILESERVER computer, because I get this msg
THe specified directory service attribute or value does not exist.

I need to reset those permissions somehow! I tried delegation but that doesnt work!

ANy ideas?
Top
User avatar
chugger93
Regular Member
Posts: 150
Joined: Wed Aug 28, 2002 9:27 am
Location: MI

Post by chugger93 »

Ok it works kinda now. I can get to the security tab, however I still get that error msg. Authenticated Users has all permissions now like it was before. Now why would I get that error msg still though
Top
User avatar
koldchillah
Senior Member
Posts: 4629
Joined: Thu Apr 04, 2002 1:45 pm
Location: Orlando

Post by koldchillah »

Someone please correct me if I'm wrong, but you shouldn't have to give authenticated users full control. If you are logged on with a domain admin account, the permissions for 'authenticated users' should not apply b/c you are receiving higher permissions from the domain admin group.

The 'authenticated users' permissions apply to anyone who is authenticated on the domain but NOT explicitly assigned permissions via another group.

Have you logged off/on again? Anything funky showing up in the event logs relating to this error your getting?
"Nobody's invincible, no plan is foolproof, We all must meet our moment of truth." - Guru
Top
Tekmazter
New Member
Posts: 11
Joined: Thu Feb 10, 2005 9:31 am

Post by Tekmazter »

koldchillah wrote:Someone please correct me if I'm wrong, but you shouldn't have to give authenticated users full control. If you are logged on with a domain admin account, the permissions for 'authenticated users' should not apply b/c you are receiving higher permissions from the domain admin group.

The 'authenticated users' permissions apply to anyone who is authenticated on the domain but NOT explicitly assigned permissions via another group.

Have you logged off/on again? Anything funky showing up in the event logs relating to this error your getting?
There's actually a couple different strategies being used with this group. In the Windows 2000 operating system groups such as Everyone and Authenticated Users whose membership is automatically configured by the operating system are not used to assign permissions. They are controlled specifically by the OS. So, in the case of koldchillah's statement, I would say he's right.

HOWEVER:

It has become more common place for admins to use the Authenticated user group to assign NTFS permissions rather than using the EVERYONE group. This is because EVERYONE includes null sessions which of course aren't authenticated. In terms of the orginal question however, I do not believe you should be granting FULL CONTROL to the Authenticated Users group here.
Top
Post Reply

Return to “Networks and Wireless Routers”