Solved

User with Full Control unable to delete files in Server 2000 network share

Posted on 2008-06-24
13
381 Views
Last Modified: 2013-12-05
I'm doing some housekeeping on one of our servers and in the process trying to delete shared folders belonging to ex-employees. I have assigned Full Control rights to these folder to supervisors of the ex-employees. When the supervisors try to delete items from the folders they get an error message stating they do not have permission to delete the file. What do I have to do to allow one user to delete files in the shared folder of another user?

This is occurring on a Windows 2000 Server in a 2003 Domain. Client PC are Windows XP. The share is the users home share on the network.

Thanks for any help
RickKnight
0
Comment
Question by:RickKnight
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
13 Comments
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 21858884
Check the permissions on the share as well as any NTFS permissions, as Windows will grant the least permissive combination of the 2.  I.e., if a user has Read permissions at the share level and Full Control NTFS perms, their effective permission set will be Read, not Full Control.
0
 

Author Comment

by:RickKnight
ID: 21859066
Thank you for the reply,

I hate to sound like a dummy, but what are NTFS permissions as opposed to the Share permissions and Folder Properties > Security settings?

Thanks again,
RickKnight
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 21859092
0
What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

 

Author Comment

by:RickKnight
ID: 21859822
Thanks for the link. I read the article and another article by the same author, http://www.windowsecurity.com/articles/Understanding-Windows-NTFS-Permissions.html.

As I understand NTFS permissions, I have the user configured with these NTFS permissions...

Full Control
Modify
Read & Execute
List Folder Contents
Read
Write

I have the Share permissions set for "Authenticated Users" ...

Full Control
Change
Read

I assume the NTFS permissions are accessed in the Security tab of the file or folder Properties dialog? Is this correct? What else do I need to do to allow the user to delete files and folders?

Thanks again,
RickKnight


 
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 21859859
Based on that combination, the user should be able to delete the files/folders in question.  If they are not, instruct the user to take ownership of the files/folders and attempt to delete them again. Also confirm that the files/folders have not been flagged as read-only or encrypted.
0
 

Author Comment

by:RickKnight
ID: 21860068
I've tried to have the user take ownership of the folder/files. That also does not work. The user gets a message saying they only have permission to view the security settings.

The files are neither compressed nor encrypted.

Thanks,
RickKnight
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 21860097
Then you do not have your permissions configured as you have described above.  A "Take Ownership" operation requires Full Control permissions; if it fails, the user does not have Full Control. (Given this, a delete operation will likely succeed without taking ownership once you rectify the permission assignment to Full Control.)
0
 

Author Comment

by:RickKnight
ID: 21860200
I have configured this user with these permissions on the Security tab of the Properties dialog of the folder...

Full Control
Modify
Read & Execute
List Folder Contents
Read
Write

Under the Advanced button in View/Edit, every permission is set to allow including Take Ownership.

Where else do I need to set the permission?

Thanks,
RickKnight
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 21860222
Confirm that there are no other permissions configured at the same level that would conflict, particularly a Deny entry.  Also re-confirm share permissions if applicable.
0
 

Author Comment

by:RickKnight
ID: 21860302
There Share Permissions are, Authenticated Users, Allow Full, Change & read. The NTFS Permissions for this user are Allow Full Control, Modify, Read & Execute, List Folder Contents, Read, Write. There are no Deny entries.

This Share is inside another share that has more restrictive permissions. The upper level share has "Authenticated Users" Allow Read only. No other Allow entries and no Deny entries. Also the upper NTFS Permissions do not include this user. Could the more restrictive share permissions on the upper level folder be causing this problem?

Thanks again,
RickKnight
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 21860375
If the files are being accessed using the UNC of the more restrictive share, then the more restrictive permissions will apply.
0
 

Author Comment

by:RickKnight
ID: 21860405
Yes, I am having the user access the share as \\strocal-2\home\CSchmidt wher CSchmidt is the share with the problem and home is also a share.

I can have the user try as a mapped drive pointing directly to the CSchmidt folder.

0
 

Author Comment

by:RickKnight
ID: 21861017
Thanks,

That's the answer. When I mapped the share as drives, the users do have Full Control.

Thanks for your help,
RickKnight
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question