Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. FrontPage Server Extensions and SharePoint Team Services cannot add local groups to roles

FrontPage Server Extensions and SharePoint Team Services cannot add local groups to roles

View products that this article applies to.

This article was previously published under Q321442

↑ Back to the top

Symptoms

When you try to add a local group to a role by using the Microsoft FrontPage Server Extensions or SharePoint Team Services from Microsoft administration Web pages, you receive the following error message:
The group "computer name\group name" cannot be added to the role(s) "role name" since Windows does not allow local groups to be nested.

↑ Back to the top

Cause

FrontPage Server Extensions and SharePoint Team Services create local groups for each role defined on a web. When you add users or groups to a role, the administration tools try to add all accounts to these local groups. Because Windows does not allow local groups to be nested, you receive the error message when you try to add a local group to a role.

↑ Back to the top

Workaround

To work around this issue, use either of the following methods:
  • Add only user accounts, system groups, or domain groups to FrontPage or SharePoint Team Services roles.

    Note If the server that is using the FrontPage Server Extensions or SharePoint Team Services is a Domain Controller, you will see the same error message that is listed in the "Symptoms" section of this article if you try to add a domain group to a role.
  • Disable the creation of local groups by the Server Extensions. To do this, follow these steps:
    1. Click Start, and then click Run. In the Open box, type regedit.exe, and then press ENTER.
    2. In Registry Editor, locate and select the following subkey (folder):
      HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\All Ports
    3. On the Edit menu, point to New, and then click String Value.
    4. Type NoMachineGroups and then press ENTER to name the value.
    5. Double-click the new value to edit it.
    6. In the Value data box, type 1, and then click OK.
    7. Quit Registry Editor.
By setting this value, you configure user accounts and groups to be written directly to the Access Control List (ACL) of NTFS file system permissions, instead of the local groups.

↑ Back to the top

More information

FrontPage Server Extensions and SharePoint Team Services create local groups with names that are similar to the following
  • OWS_NUMBER_admin
  • OWS_NUMBER_advauthor
  • OWS_NUMBER_author
  • OWS_NUMBER_browser
  • OWS_NUMBER_collab
where NUMBER is a unique identifier that is automatically generated from the name of the of the Web site. These local groups store the user accounts for the different roles that are available in FrontPage or SharePoint Team Services.

↑ Back to the top

Keywords: KB321442, kbprb, kberrmsg, kbwebservices

↑ Back to the top

Article Info
Article ID : 321442
Revision : 5
Created on : 2/19/2007
Published on : 2/19/2007
Exists online : False
Views : 292