|
Posted by =?Utf-8?B?SVQgR3V5?= on September 7, 2005, 2:58 pm
If you were Registered and logged in, you could reply and use other advanced thread options
We have a problem that's been nagging us for a few weeks now. A domain user
has been assigned to the print operators group to administer printers for our
domain. Unfortunately, the user can read but not modify printer properties.
I discovered while reviewing effective permissions on individual printer
objects that the user has read only privileges when viewed from either my
local workstation ADUC or a member server ADUC but full control when viewed
from ADUC on any of our DCs. The Print Operators group has full control
under effective permissions when viewed either way.
We are running a Windows 2003 domain with 3 domain controllers. I have run
gpupdate /force but still see the conflicting effective permissions. I am
able to add objects, modify permissions, etc. from both DC and non-DC ADUCs
and have those changes replicate successfully.
Presumably the TRUELY effective permissions are the ones that I am seeing
from non-DC ADUCs because the user is not able to modify printers. Any ideas
why the users effective permissions would be different depending on where I
view them from? Any ideas on why the effective permissions being shown on DC
ADUCs are not working? Thanks!
| 
XML site map