Windows Server 2016 Permissions Errors

Started by Slappy, July 26, 2017, 12:11:52 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Slappy

We recently had a new server installed for the Graphics/Prepress Dept, fast as balls & running Windows Server 2016. As I understand it, the IT Company cloned the old one (an older Windows Server box) then set up User Groups to maintain some leerl of access to certain areas. All was well the first few days, now it's devolved into a daily fight to read/write work on the new server. Of the many issues, these are the most common from the Mac stations:

– Opening InDesign docs results in them being Read Only, regardless of who initially created it and is opening it.
    - Re-saving that doc on the Desktop them overwriting to the server file doesn't work. We can rename the server file and even move it into a subfolder but deleting it gives a Permissions error, or "File sis in use by another Application, etc" message.

– Sometimes the InDesign doc opens fine, but once changed, can't re-save it to the server location. More permissions errors

– I've started seeing today, Illy files opened from the server location are leaving Temp Acrobat files behind, often several of them depending on how many times the Illy file was opened from that location

The IT guys have remoted in & made sure all the Users in the Group have the same Read/Write Permissions and they've apparently re-set the Permissions on the entire server Directory & sub-folders we access. Every day I've come in though, I get the exact same problems.

Macs in the dept running 10.12 and connecting via SMB, although they had me try a CIFS connection that didn't make a difference. I thought Windows Server was playing nicer with Mac file types & in general so not sure where the issue lies but has anybody else seen this level of stupid?
A little diddie 'bout black 'n cyan...two reflective colors doin' the best they can.

mattbeals

Bind your Mac's to the active directory and sign into your mac's with domain user accounts.

You have a conflict of local Mac accounts, domain share permissions. Signing into the Mac as the domain user eliminates the problem.
Matt Beals

Everything I say is my own personal opinion and has nothing to do with my employer or their views.

Slappy

Pretty sure that's what we're doing. We all have unique connection usernames and passwords. I'll double-check, maybe my machine is reverting some how but I don't think there's any other way to connect since it's a brand new box.
A little diddie 'bout black 'n cyan...two reflective colors doin' the best they can.

mattbeals

/System/Library/CoreServices/Applications/Directory\ Utility.app will tell you if you are bound to AD.

Also Users & Groups preferences under "Login Options" under "Network Account Server".
Matt Beals

Everything I say is my own personal opinion and has nothing to do with my employer or their views.

Slappy

Oooohhhhhh! These? I'm going to have the IT Company remote in & change them but thank you thank you thank you thank you thank you thank you!!!!!
A little diddie 'bout black 'n cyan...two reflective colors doin' the best they can.

Slappy

So we made all those changes & it really hasn't helped anything. I wonder if I have to Log In locally under that Domain User, then migrate ALL my Apps, data etc. over to the new User on the Mac? I seriously hope not, I'd be duping a lot of crap just to access a server and all the Mac workstations would have to do the same.
A little diddie 'bout black 'n cyan...two reflective colors doin' the best they can.

Joe

I read something about Active Directory should not have the same user name/password as your iCloud account because that causes some issues. Not sure if it is related or applies to your situation but thought I would throw that out there.
Mac OS Sonoma 14.2.1 (c) | (retired)

The seven ages of man: spills, drills, thrills, bills, ills, pills and wills.

Slappy

Don't think we even set up iCloud on these machines. I don't get what the problem is, back to the drawing board I suppose.
A little diddie 'bout black 'n cyan...two reflective colors doin' the best they can.

mattbeals

I have iCloud setup on my Mac's and my Mac's are part of the active directory AND I log into my Mac's with my active directory credentials. That's how you get the permissions fixed, log into your Mac with your AD credentials. You can deal with the pain of migrating over to the new user account or you can deal with the pain of permissions problems. It's pain either way...
Matt Beals

Everything I say is my own personal opinion and has nothing to do with my employer or their views.

Slappy

Totally NOT what I wanted to hear, and I have to wonder why the IT Guys didn't spell that out when all the installs & upgrades were taking place. Oh, probably because I'm learning they have NO fucking clue how Macs & Windows Servers need to be configured for a functional environment.

Now I have to come in this weekend and handle at least setting up my workstation like that, before we can do the others in the dept.  :banghead:  :banghead:  :banghead:
A little diddie 'bout black 'n cyan...two reflective colors doin' the best they can.

Ear

The problem with non-production IT personnel is they don't have a lot of practical, user knowledge or experience. Getting 2 machines to connect and using them in an actual working environment can be very different. This is why no mere IT person will ever touch my network. It would be like one of the quick lube jockeys rebuild a race engine.
"... profile says he's a seven-foot tall ex-basketball pro, Hindu guru drag queen alien." ~Jet Black

mattbeals

Quote from: Slappy on August 04, 2017, 12:36:49 PMTotally NOT what I wanted to hear, and I have to wonder why the IT Guys didn't spell that out when all the installs & upgrades were taking place. Oh, probably because I'm learning they have NO fucking clue how Macs & Windows Servers need to be configured for a functional environment.

Now I have to come in this weekend and handle at least setting up my workstation like that, before we can do the others in the dept.  :banghead:  :banghead:  :banghead:

All you need to do is to log into the Mac with the AD credentials and teat several jobs/functions/etc. You do not yet need to go through all the BS of reconfiguring your Mac just yet.
Matt Beals

Everything I say is my own personal opinion and has nothing to do with my employer or their views.

Joe

Shouldn't be that big of a deal to create a new user. The apps will still be there in the Applications folders. You would just need to copy your user account data from one account to the other.
Mac OS Sonoma 14.2.1 (c) | (retired)

The seven ages of man: spills, drills, thrills, bills, ills, pills and wills.

Slappy

Quote from: mattbeals on August 05, 2017, 01:13:33 AM
Quote from: Slappy on August 04, 2017, 12:36:49 PMTotally NOT what I wanted to hear, and I have to wonder why the IT Guys didn't spell that out when all the installs & upgrades were taking place. Oh, probably because I'm learning they have NO fucking clue how Macs & Windows Servers need to be configured for a functional environment.

Now I have to come in this weekend and handle at least setting up my workstation like that, before we can do the others in the dept.  :banghead:  :banghead:  :banghead:

All you need to do is to log into the Mac with the AD credentials and teat several jobs/functions/etc. You do not yet need to go through all the BS of reconfiguring your Mac just yet.
Well, I did just that Friday afternoon - same results. I checked in the User Login to make sure it logged in properly to the server and it had but making a new InDesign doc on the server, the re-opening it the doc was Read Only. Also couldn't delete from the server sooooooooo...

Back in their court.
A little diddie 'bout black 'n cyan...two reflective colors doin' the best they can.

baritone

Are you using samba or zip-ip? are the users setup in the group for the right permissions?