Search Fails to Include Domain Global Group ACLs CorrectlyID: Q225073
|
When you configure Site Server Search to crawl files on a remote file server, where you have applied NTFS ACL permissions so that the stand-alone server's local group contains domain global groups, the results set that is returned to the domain user does not include these files, even though the domain user can successfully access the files through network shares.
Site Server Search records the ACLs of the files that it crawls and stores them locally in drive/Microsoft Site Server/Data/Search/Projects/catalogname/search/index
When a user queries this catalog, Search compares that user's access token SID against the ACLs allowed to access the file. If the permissions match, the file is displayed to the user in the results set.
Because the Search server checks ACLs against the groups that it has access to (for example, its own local groups or domain groups), it is unable to confirm a user's access rights by virtue of their domain group's membership in the remote computer's local group. Therefore, the results are not displayed.
To work around this problem, assign permissions to files using domain groups, rather than local groups. To do this, use the information specified in the Site Server 3.0 Search online documentation.
Additional query words:
Keywords :
Version : winnt:3.0
Platform : winnt
Issue type : kbprb
Last Reviewed: April 8, 1999