simple restriction... whats wrong?

Posted on 2005-05-11
Medium Priority
Last Modified: 2010-04-19

I had in nt4 200 users folders with simple restrictions working fine.

so now in w2003server I have a folders like this


I want only 3 people to access the "reports" folder

so I right clicked reports / properties / security
I added this 3 guys, and the administrators as full control
clic on accept and its ok,. still access everyone

so again I right clicked reports / properties / security  
i went to USERS, and clicked deny into "modify".
clicked ok and then noone of these 3 guys can access...

these 3 guys are part of the users group

but they have FULL ACCESS in the permissions sheet.

why is that?

thanks in advance.

Jezz how I miss nt4.

Question by:HTorres
  • 4
  • 2
LVL 97

Expert Comment

by:Lee W, MVP
ID: 13982840
First, you should NEVER assign permissions to individual users.  If you (or someone else) accidentally deletes them, or you have to add another user, it just gets messy.  Create a group for these users and put them in that group, then assign the group permissions to the folder.  

When you assign "deny", deny takes priority over allow, so if a person is a member of a group being "denied" then it doesn't matter if they are also in a group with allow, they are denied because deny is more important to windows.

When you set security, did you set it so that things were applied to previously existing documents and folders?

Author Comment

ID: 13982879
thanks leew

the folder was created from barebones with this rights:
administrators full control
users full control

thats it.


so if mark is part of users and also part of marketing, and users has restrictions to modify, ... he can not modify ... even he has full control in the other group?


so i need to take mark out of users and thats it?

that wont create me other issues when login or something?



Author Comment

ID: 13982890
or should i put restrictions individually to everyother user and not in the users group?

wich one will be messier/easier?

Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database


Author Comment

ID: 13982922
I removed the guys from users, and tried again with a brand new folder reports.  and when I set the restriction to the users group. it blocks the 3 users again.

what am I doing wrong?
LVL 97

Accepted Solution

Lee W, MVP earned 800 total points
ID: 13982982
Don't Deny.  I rarely, if ever use Deny.  If the user/group is not specifically granted permission, they won't have access.

I assume the 3 users you want to have access are in fact the "marketing" group?  If so, create a global group in Active Directory called "Marketing" and put these users in that group.  

Then, set the permissions on the folder so that:

Domain Admins: Full Control
Marketing: Full Control
System: Full Control

And that's it.  Make sure to apply the changes to all child objects.

The Users/Domain Users group should not appear anywhere (for deny or allow) in the security box.

Author Comment

ID: 13983784
that made it!

thank you leew!

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question