This article was previously published under Q296369
This article has been archived. It is offered "as is" and will no longer be updated.
If you use Microsoft Windows 2000 domain local groups to grant workspace or folder role permissions, when group members attempt to gain access to the secured content, those group members may receive "access denied" error messages. If you grant the role permissions to the domain user accounts individually, the users can gain access to the secured content.
This problem can occur if your Windows 2000 domain is operating in mixed mode; in mixed mode, the scope of a domain local group is limited to the domain controllers only. The domain local group is not valid for member servers; however, the user picker that is displayed when you assign security to SharePoint Portal Server resources does not filter out the domain local group entries that are not valid.
To resolve this problem, use domain global groups to assign security roles to folders if your Windows 2000 domain is running in mixed mode.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.