This is the mail archive of the cygwin@sources.redhat.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

RE: Some domain groups not found by 'mkgroup --domain'


NT 4's domain model has three types of groups (from memory - if I have a
little bit muddled, well it's been 2 years since I had to remember the
definition :-\):
Domain Global groups - these groups can be access outside of the domain,
and cannot contain other groups. An example is "DOMAINNAME\Domain
Administrators"
Domain Local groups - these groups are local to the Domain Controllers.
They can contain global groups. They cannot contain local groups. An
example is "DOMAINNAME\Administrators". 
Member Local groups - these groups are local to each workstation. They
can contain global groups, but cannot contain local groups. An example
is "MEMBERSERVER\Administrators"

Now IIRC Domain local groups can be assigned permissions to resources on
member servers, even though they cannot be placed in groups. However the
recommendation from MS is to place global groups in the member servers
local groups and then assign permissions to the local groups.

Note that the groups names _have_ to be qualified with the domain or you
will collide the inbuilt groups - guests/administrators...

Rob


> -----Original Message-----
> From: Rick Rankin [mailto:rick_rankin@yahoo.com]
> Sent: Thursday, 9 November 2000 4:53 AM
> To: Larry Hall (RFK Partners, Inc); Cygwin
> Subject: Re: Some domain groups not found by 'mkgroup --domain'
> 
> 
> No, these groups are different. They are domain groups, yet 
> there seems to be a
> distinction between a "global" domain group and a "local" 
> domain group. These
> "local" domain groups do not show up with either 'mkgroup -d' 
> or 'mkgroup -l'.
> 
> Sorry, I should have been more specific.
> 
> Rick Rankin
> rick_rankin@yahoo.com
> 
> --- "Larry Hall (RFK Partners, Inc)" <lhall@rfk.com> wrote:
> > At 12:56 PM 11/8/2000, Rick Rankin wrote:
> > >On our NT domain, there are apparently some "local" groups 
> and some "global"
> > >groups. Right now, I don't know what the distinction is, 
> but most of the
> > groups
> > >on our domain seem to be defined as local. Unfortunately, 
> 'mkgroup -d' only
> > >picks up the ones that are defined as global, and most 
> people belong to
> > local
> > >groups.
> > >
> > >Is there are reason mkgroup only shows the global groups? 
> (I hope this makes
> > >some sense; I'm not sure how else to explain it.)
> > >
> > >Thanks,
> > >
> > >Rick Rankin
> > >rick_rankin@yahoo.com
> > 
> > 
> > 
> > Have you looked at mkgroup --help?  mkgroup -l will give 
> you local groups.
> > 
> > 
> > 
> > Larry Hall                              lhall@rfk.com
> > RFK Partners, Inc.                      http://www.rfk.com
> > 118 Washington Street                   (508) 893-9779 - RFK Office
> > Holliston, MA 01746                     (508) 893-9889 - FAX
> > 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Thousands of Stores.  Millions of Products.  All in one Place.
> http://shopping.yahoo.com/
> 
> --
> Want to unsubscribe from this list?
> Send a message to cygwin-unsubscribe@sourceware.cygnus.com
> 
> 

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]