Our environment is XP SP3 + ZCM11. Some computers belong to domain, some do not.

I have created a Local File Rights policy and associated it with two devices - one that belongs to domain and one that does not. The policy is configured to give the Users group Modify rights to some particular folders.

For the non-domain computer, this works fine. But for domain computer, the rights don't seem to be there when I log in. I expect to be able to create files in the folder where the policy is assigning rights, but I can't.

I thought this should work, because the domain group 'MyDomain\Domain Users' is member of Users group on the local computer, and the user I log in as is member of 'MyDomain\Domain Users' group. I have verified that I am actually logging in to domain, not the local computer. I have also tried changing the policy so that it gives rights to 'MyDomain\Domain Users' or 'Authenticated Users' group and giving Full Control right instead of Modify, but this hasn't helped. What am I overlooking?