Microsoft KB Archive/321442

= FrontPage Server Extensions and SharePoint Team Services cannot add local groups to roles =

Article ID: 321442

Article Last Modified on 2/19/2007


APPLIES TO


 * Microsoft FrontPage 2002 Server Extensions
 * Microsoft SharePoint Team Services




This article was previously published under Q321442



SYMPTOMS
When you try to add a local group to a role by using the administration Web pages for Microsoft FrontPage Server Extensions or SharePoint Team Services from Microsoft, you receive the following error message:

The group " \ " cannot be added to the role(s) " " since Windows does not allow local groups to be nested.



CAUSE
FrontPage Server Extensions and SharePoint Team Services create local groups for each role defined on a web. When you add users or groups to a role, the administration tools try to add all accounts to these local groups. Because Windows does not allow local groups to be nested, you receive the error message when you try to add a local group to a role.



WORKAROUND
To work around this issue, use either of the following methods:

 * Add only user accounts, system groups, or domain groups to FrontPage or SharePoint Team Services roles.

Note: If the server that is using the FrontPage Server Extensions or SharePoint Team Services is a Domain Controller, you will see the same error message that is listed in the "Symptoms" section of this article if you try to add a domain group to a role.

 * Disable the creation of local groups by the Server Extensions. To do this, follow these steps:

 1. Click Start, and then click Run.
 2. In the Open box, type regedit.exe, and then press ENTER.
 3. In Registry Editor, locate and select the following subkey (folder):

HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\All Ports

 4. On the Edit menu, point to New, and then click String Value.
 5. Type NoMachineGroups and then press ENTER to name the value.
 6. Double-click the new value to edit it.
 7. In the Value data box, type 1, and then click OK.
 8. Quit Registry Editor.

By setting this value, you configure user accounts and groups to be written directly to the Access Control List (ACL) of NTFS file system permissions, instead of to the local groups.
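
The registry change from the second method, as an added PowerShell example (not Microsoft's code): it checks that NoMachineGroups exists as a String value of 1, changes it only when run with the hypothetical `-Apply` switch, and lists any existing OWS_ role groups with their members for review. It assumes an elevated Windows PowerShell 5.1 session with the Microsoft.PowerShell.LocalAccounts module, on a server that is not a domain controller.

```powershell
# Added example, not part of the original article. Save as a .ps1 file and run elevated.
param([switch]$Apply)   # hypothetical switch: without it the script only reports

$key  = 'HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\All Ports'
$name = 'NoMachineGroups'

if (-not (Test-Path -LiteralPath $key)) {
    throw "Subkey not found: $key"
}

# Returns the value, its registry type, and whether it matches the article
# (a String Value, REG_SZ, containing 1).
function Get-NoMachineGroupsState {
    $regKey = Get-Item -LiteralPath $key
    $value  = $regKey.GetValue($name, $null)
    $kind   = if ($null -ne $value) { $regKey.GetValueKind($name) } else { $null }
    [pscustomobject]@{
        Value     = $value
        Kind      = $kind
        Compliant = ($kind -eq [Microsoft.Win32.RegistryValueKind]::String) -and ($value -eq '1')
    }
}

$state = Get-NoMachineGroupsState
Write-Output ("Before: value='{0}' type='{1}' compliant={2}" -f $state.Value, $state.Kind, $state.Compliant)

if (-not $state.Compliant -and $Apply) {
    # A value created with the wrong type (for example DWORD) is removed first
    # so that it is recreated as a String Value, as the steps above specify.
    if ($null -ne $state.Value) {
        Remove-ItemProperty -LiteralPath $key -Name $name
    }
    New-ItemProperty -LiteralPath $key -Name $name -PropertyType String -Value '1' | Out-Null
    $state = Get-NoMachineGroupsState
    Write-Output ("After:  value='{0}' type='{1}' compliant={2}" -f $state.Value, $state.Kind, $state.Compliant)
}

# Inventory of role groups the Server Extensions created earlier (names start with OWS_).
# Members are listed with their class so role assignments can be reviewed.
foreach ($group in (Get-LocalGroup | Where-Object Name -like 'OWS_*')) {
    Write-Output "Group: $($group.Name)"
    Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue |
        Select-Object Name, ObjectClass, PrincipalSource |
        Format-Table -AutoSize
}
```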


MORE INFORMATION
FrontPage Server Extensions and SharePoint Team Services create local groups with names that are similar to the following:
 * OWS_ _admin
 * OWS_ _advauthor
 * OWS_ _author
 * OWS_ _browser
 * OWS_ _collab

where  is a unique identifier that is automatically generated from the name of the Web site. These local groups store the user accounts for the different roles that are available in FrontPage or SharePoint Team Services.

Additional query words: front page share point fpse

Keywords: kbwebservices kberrmsg kbprb KB321442


© Microsoft Corporation. All rights reserved.