| Author |
Message |
Math
Guest
|
 Posted:
Mon Oct 17, 2005 8:51 am Post subject:
[Win2003Server] Lost local accounts on domain controler |
|
|
Hi,
I have a windows 2003 based server who's part of a domain, and who is a
domain controler itself.
My problem is the following: when trying to modify security settings on a
folder, i can't get the local accounts of the server. The only proposed
accounts are the domain accounts.
Any idea to recover those accounts?
Help much appriciated ;) |
|
| Back to top |
|
 |
Paul Adare
Guest
|
| Posted:
Mon Oct 17, 2005 12:50 pm Post subject:
Re: [Win2003Server] Lost local accounts on domain controler |
|
|
In article <43538986$0$8062$4d4eb98e@read.news.fr.uu.net>, in the
microsoft.public.windows.server.security news group, Math
<mPOINTherr@renfeld.com> says...
| Quote: | simply type NETWORK SERVICE into the appropriate text
box. When you click Check Names you'll see that it will resolve
correctly.
I did try to do this, but didn't succeed: windows didn't find the user...
(i'm sure of the name syntax)
Notice that the only place available to search in is the domain.
|
In the Select USers, Computers, or Groups dialog box the default in the
Select this object type box should be Users, Groups, or Built-in
security principals which should allow NETWORK SERVICE to resolve when
you type it in the Enter the object names to select box.
As for the IIS question, you might want to post your question in one of
the IIS news groups.
--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea |
|
| Back to top |
|
|
Math
Guest
|
| Posted:
Mon Oct 17, 2005 12:50 pm Post subject:
Re: [Win2003Server] Lost local accounts on domain controler |
|
|
| Quote: | I think that maybe you've got a basic lack of understanding of how
permissions work in a Windows Server environment.
Yes, that is why I'm asking before acting and messing up |
| Quote: | simply type NETWORK SERVICE into the appropriate text
box. When you click Check Names you'll see that it will resolve
correctly.
I did try to do this, but didn't succeed: windows didn't find the user... |
(i'm sure of the name syntax)
Notice that the only place available to search in is the domain.
| Quote: | It might help if you
describe what exactly you're trying to accomplish here
I'd like to permit an iis application on SERVERXX1 to access with write |
permission a folder on SERVERXX2.
Considering that the user running my iis application is IUSR_SERVERXX1, i'd
like to permit this specific user to access the folder on SERVERXX2
Mathieu
"Paul Adare" <padare@newsguy.com> a écrit dans le message de news:
MPG.1dbd4759a42255fd989ec3@msnews.microsoft.com...
| Quote: | In article <435375ef$0$8056$4d4eb98e@read.news.fr.uu.net>, in the
microsoft.public.windows.server.security news group, Math
mPOINTherr@renfeld.com> says...
Thank you Steve for your explanation.
However, on some folders the server's "NT AUTHORITY\NETWORK SERVICE" user
(for instance) is still present in the security tab, but not listed in
the
domain available users when searching the available users. Is it a
special
kind of users? If yes, how can I set this user in a folder security
configuration on the same server?
You won't find this account when searching the domain as it is not a
domain account, it is a builtin account. When adding to the DACL of a
folder, even on a domain controller, if you want to use the NETWORK
SERVICE account, simply type NETWORK SERVICE into the appropriate text
box. When you click Check Names you'll see that it will resolve
correctly.
Maybe should I create this user for the whole Domain?
No, this won't do any good.
Another related question:
I have another windows 2003 based server named MYSERVERXXX (for
instance),
who is part of the domain, but is not a domain controller.
When modifying a folder's security configuration on another domain member
server, I can't find the IUSR_MYSERVERXXX user.
That's because this account is a local account. It only scopes to the
computer that IIS is installed on and can't be used anywhere else but on
that server.
Do I need to promote MYSERVERXXX to a domain controller in order to get
this
user on a other domain member server?
I think that maybe you've got a basic lack of understanding of how
permissions work in a Windows Server environment. It might help if you
describe what exactly you're trying to accomplish here. Whatever that
maybe, you're obviously not approaching it in the right way.
--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea |
|
|
| Back to top |
|
|
Paul Adare
Guest
|
| Posted:
Mon Oct 17, 2005 12:50 pm Post subject:
Re: [Win2003Server] Lost local accounts on domain controler |
|
|
In article <435375ef$0$8056$4d4eb98e@read.news.fr.uu.net>, in the
microsoft.public.windows.server.security news group, Math
<mPOINTherr@renfeld.com> says...
| Quote: | Thank you Steve for your explanation.
However, on some folders the server's "NT AUTHORITY\NETWORK SERVICE" user
(for instance) is still present in the security tab, but not listed in the
domain available users when searching the available users. Is it a special
kind of users? If yes, how can I set this user in a folder security
configuration on the same server?
|
You won't find this account when searching the domain as it is not a
domain account, it is a builtin account. When adding to the DACL of a
folder, even on a domain controller, if you want to use the NETWORK
SERVICE account, simply type NETWORK SERVICE into the appropriate text
box. When you click Check Names you'll see that it will resolve
correctly.
| Quote: |
Maybe should I create this user for the whole Domain?
|
No, this won't do any good.
| Quote: |
Another related question:
I have another windows 2003 based server named MYSERVERXXX (for instance),
who is part of the domain, but is not a domain controller.
When modifying a folder's security configuration on another domain member
server, I can't find the IUSR_MYSERVERXXX user.
|
That's because this account is a local account. It only scopes to the
computer that IIS is installed on and can't be used anywhere else but on
that server.
| Quote: |
Do I need to promote MYSERVERXXX to a domain controller in order to get this
user on a other domain member server?
|
I think that maybe you've got a basic lack of understanding of how
permissions work in a Windows Server environment. It might help if you
describe what exactly you're trying to accomplish here. Whatever that
maybe, you're obviously not approaching it in the right way.
--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea |
|
| Back to top |
|
|
Math
Guest
|
| Posted:
Mon Oct 17, 2005 12:50 pm Post subject:
Re: [Win2003Server] Lost local accounts on domain controler |
|
|
Thank you Steve for your explanation.
However, on some folders the server's "NT AUTHORITY\NETWORK SERVICE" user
(for instance) is still present in the security tab, but not listed in the
domain available users when searching the available users. Is it a special
kind of users? If yes, how can I set this user in a folder security
configuration on the same server?
Maybe should I create this user for the whole Domain?
Another related question:
I have another windows 2003 based server named MYSERVERXXX (for instance),
who is part of the domain, but is not a domain controller.
When modifying a folder's security configuration on another domain member
server, I can't find the IUSR_MYSERVERXXX user.
Do I need to promote MYSERVERXXX to a domain controller in order to get this
user on a other domain member server?
Thanks again for your answers ;)
Mathieu
"Steven L Umbach" <n9rou@nospam-comcast.net> a écrit dans le message de
news: ek2sDfv0FHA.1564@tk2msftngp13.phx.gbl...
| Quote: | There are no local user accounts on a domain controller other than the
built in administrator account that was created when you used dcpromo to
promote the server to a domain controller and is only available in
Directory Services Restore Mode or for Recovery Console. All other local
accounts were deleted when you promoted it to a domain controller. Local
accounts do exist and can be created on other domain members. -- Steve
"Math" <mPOINTherr@renfeld.com> wrote in message
news:4353547f$0$8056$4d4eb98e@read.news.fr.uu.net...
Hi,
I have a windows 2003 based server who's part of a domain, and who is a
domain controler itself.
My problem is the following: when trying to modify security settings on a
folder, i can't get the local accounts of the server. The only proposed
accounts are the domain accounts.
Any idea to recover those accounts?
Help much appriciated ;)
|
|
|
| Back to top |
|
|
Steven L Umbach
Guest
|
| Posted:
Mon Oct 17, 2005 12:50 pm Post subject:
Re: [Win2003Server] Lost local accounts on domain controler |
|
|
There are no local user accounts on a domain controller other than the built
in administrator account that was created when you used dcpromo to promote
the server to a domain controller and is only available in Directory
Services Restore Mode or for Recovery Console. All other local accounts were
deleted when you promoted it to a domain controller. Local accounts do exist
and can be created on other domain members. -- Steve
"Math" <mPOINTherr@renfeld.com> wrote in message
news:4353547f$0$8056$4d4eb98e@read.news.fr.uu.net...
| Quote: | Hi,
I have a windows 2003 based server who's part of a domain, and who is a
domain controler itself.
My problem is the following: when trying to modify security settings on a
folder, i can't get the local accounts of the server. The only proposed
accounts are the domain accounts.
Any idea to recover those accounts?
Help much appriciated ;)
|
|
|
| Back to top |
|
|
Math
Guest
|
| Posted:
Mon Oct 17, 2005 4:51 pm Post subject:
Re: [Win2003Server] Lost local accounts on domain controler |
|
|
Paul
I did exactly what you said (In the Select USers, Computers, or Groups
dialog box the default in the Select this object type box should be Users,
Groups, or Built-in security principals), without success.
Notice that on another server, which is not a domain controler, typing only
"NETWORK SERVICE" works, but in the Select USers, Computers, or Groups
dialog box, I must have "Computers" too, and in "Places" I must have choosen
"MyServerName".
Mathieu
"Paul Adare" <padare@newsguy.com> a écrit dans le message de news:
MPG.1dbd568d859cb726989ec4@msnews.microsoft.com...
| Quote: | In article <43538986$0$8062$4d4eb98e@read.news.fr.uu.net>, in the
microsoft.public.windows.server.security news group, Math
mPOINTherr@renfeld.com> says...
simply type NETWORK SERVICE into the appropriate text
box. When you click Check Names you'll see that it will resolve
correctly.
I did try to do this, but didn't succeed: windows didn't find the user...
(i'm sure of the name syntax)
Notice that the only place available to search in is the domain.
In the Select USers, Computers, or Groups dialog box the default in the
Select this object type box should be Users, Groups, or Built-in
security principals which should allow NETWORK SERVICE to resolve when
you type it in the Enter the object names to select box.
As for the IIS question, you might want to post your question in one of
the IIS news groups.
--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea |
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in