Darksat IT Security Forums
September 18, 2019, 05:48:31 pm
Welcome, Guest. Please login or register.

Login with username, password and session length
News: Darksat IT Security Forum
From Firewall Support, AntiVirus Questions, Spyware problems, Linux and Windows Security, Black Hat SEO right down to Website Design and Multimedia
  Home Help Search Gallery Links Staff List Login Register  

Access Rights are not Implemented

Pages: [1]
Author Topic: Access Rights are not Implemented  (Read 1563 times)
Posts: 42

View Profile
« on: June 13, 2008, 07:57:24 am »

Hi guyz,

I am implementing access rights on the shared folders. The folder is placed on our server where AD and server 2003 is installed. Now I have noticed that when I assigned the rights for a particular user It did not implemented on the same time and I have to go onto the user's machine and run the command "net user * /d" after that the access right for that particular user were implemented.

Please tell me why it’s happening and how to avoid this problem
Report Spam   Logged

Posts: 123

View Profile
« Reply #1 on: June 17, 2008, 08:17:29 am »

I believe I could help you, but I'm not understanding what your question is... Are you saying that after changing the ACL the client isn't able to access the shared folder until you use `net use`? or is it something different? The wording is throwing me for a loop here :p Rephrase if possible.
Report Spam   Logged
Posts: 42

View Profile
« Reply #2 on: June 18, 2008, 12:01:28 am »

Well Joygasm,

I was talking about the both cases for example if i made a new group in the ACL and added a particular user in that group and I defined "Read/Write" access right to that group the new access rights were not implemented until I went on the user's system and used the "net use * /d" command.
Report Spam   Logged
Posts: 3303

View Profile WWW
« Reply #3 on: June 18, 2008, 08:48:40 am »

As far as I am aware windows normall checks the access rights in Active Directory at startup or every 5-90 minutes depending on machines, setups, etc.

Your running a FAT system correct?
FAT cant contain ACL info so the info is checked from Active Directory at startup or at regular intervals and saved locally.

Some stuff i think should help.

The Group Policy Settings are refreshed as per the interval configured in the Group Policy for client computers, member servers and domain controllers. You can use the following command line tools to refresh the Group Policy Settings on remote computer. You need to log on to the computer manually and then perform the action suggested below:

For Windows XP computers:

    * Gpupdate.exe /Target:User /force
    * Gpupdate.exe /Target:Computer /force

For Windows 2000 computers:

    * Secedit.exe /refreshpolicy user_policy
    * Secedit.exe /refreshpolicy machine_policy

To refresh the policy on remote computer or computers you can use the following script to do so:

   1. Create a ComputerList.txt
   2. Put all the remote computers in the Text file.
   3. Use the Psexec.exe tool to execute the command remotely.

For Windows XP Computers:

Psexec.exe -@ComputerList.txt Gpupdate.exe /Target:User /force

Psexec.exe -@ComputerList.txt Gpupdate.exe /Target:Computer /force

For Windows 2000 Computers:

Psexec.exe -@ComputerList.txt secedit.exe /refreshpolicy user_policy

Psexec.exe -@ComputerList.txt secedit.exe /refreshpolicy machine_policy

The above Psexec.exe command will run on all the computers specified in the ComputerList.txt.

You can also use the following script to check the version of Operating System and then issue the command:

@echo off

XPGPORef1=gpupdate.exe /Target:User /force

XPGPORef2=gpupdate.exe /Target:Computer /force

Win2kGPORef1=secedit.exe /refreshpolicy user_policy

Win2kGPORef2=secedit.exe /refreshpolicy machine_policy

For /f “Tokens=*” %%a in (ComputerList.txt) Do (

SET Comp_name=%%a

Ver.exe \\%comp_name% > Hostver.txt

Find /I “XP” < Hostver.txt > CheckCC.txt

IF %errorlevel% == 0 (

Psexec.exe \\%comp_name% Gpupdate.exe /Target:User /force

Psexec.exe \\%comp_name% Gpupdate.exe /Target:Computer /force

) ELSE (

Psexec.exe \\%comp_name% secedit.exe /refreshpolicy user_policy

Psexec.exe \\%comp_name% secedit.exe /refreshpolicy machine_policy



The above script will check the Operating System version by executing Ver.exe on remote computer and then run the appropriate commands to refresh the Group Policy Objects.



To change the trust policy refresh period

Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

Right-click Trust Policy, and then click Properties.

Scroll to the Advanced tab, and then click the Advanced tab.

In Trust policy refresh period (minutes), type or scroll to a new number of minutes, and then click OK.
Hope this helps.

« Last Edit: June 18, 2008, 09:07:54 am by Darksat » Report Spam   Logged

Pages: [1]
Jump to:  

Powered by EzPortal
eXTReMe Tracker
Security Forum
Bookmark this site! | Upgrade This Forum
SMF For Free - Create your own Forum

Powered by SMF | SMF © 2016, Simple Machines
Privacy Policy
Page created in 0.031 seconds with 13 queries.