Newly Created Security Groups Don't Work

Posted on 2008-11-03
Medium Priority
Last Modified: 2013-12-04
I have been building the file structure of my new file server for a few months, adding hierarchically structured folders according to the office divisions.  I have also been adding AD Security Groups to match the structure of the folders.  Persons working in a particular division are assigned to the Security Group for that division and the security group defines permissions to the divisional folder.  Up until today, it has all worked well.

This morning, I created a new divisional folder (we will call it "Council").  I created a similarly named security group (" SG_Office_Council") and I added a few names to it.  When I applied the security group to the folder, giving it standard "Modify" permissions (identically to how I had done for every other folder), I expected that only the members of the newly-created "SG_Office_Council" security group would have access to it.

When one of the members of the "SG_Office_Council" group tried to access the folder, there was no access.  The user was a member of a different security group ("SG_Office_GC"), so I removed the "SG_Office_Council" group from the folder and applied  the "SG_Office_GC" group to the folder.  The user had instant access.  

I tried removing all of the user-based security groups, and of course the user lost access to the folder.  I applied the user to the security permissions for the folder, and of course the user had access.

I recreated the "SG_Office_Council" security group as well as several others, and it seems that any newly created security groups do not work.  The old group work fine, but new ones don't.

Question by:dwstovall
  • 2

Expert Comment

ID: 22870993
When you created that group, did you add it to any other security group?  If you have it nested with another group, you can get some wierd errors.

Expert Comment

ID: 22871002
By the way, I didn't see where you mentioned what OS you were using for the AD environment.  Could you provide that to prevent any assuming?  Thanks dwstovall.
LVL 30

Accepted Solution

LauraEHunterMVP earned 750 total points
ID: 22871027
If I'm reading your description correctly, you changed the users' group memberships to reflect the newly-created group?  If so, did you have the users log out and log back in prior to attempting access?  This is required to see changes in permissions anytime a user is added to or removed from a group.

Featured Post

Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question