Newly Created Security Groups Don't Work

Posted on 2008-11-03
Last Modified: 2013-12-04
I have been building the file structure of my new file server for a few months, adding hierarchically structured folders according to the office divisions.  I have also been adding AD Security Groups to match the structure of the folders.  Persons working in a particular division are assigned to the Security Group for that division and the security group defines permissions to the divisional folder.  Up until today, it has all worked well.

This morning, I created a new divisional folder (we will call it "Council").  I created a similarly named security group (" SG_Office_Council") and I added a few names to it.  When I applied the security group to the folder, giving it standard "Modify" permissions (identically to how I had done for every other folder), I expected that only the members of the newly-created "SG_Office_Council" security group would have access to it.

When one of the members of the "SG_Office_Council" group tried to access the folder, there was no access.  The user was a member of a different security group ("SG_Office_GC"), so I removed the "SG_Office_Council" group from the folder and applied  the "SG_Office_GC" group to the folder.  The user had instant access.  

I tried removing all of the user-based security groups, and of course the user lost access to the folder.  I applied the user to the security permissions for the folder, and of course the user had access.

I recreated the "SG_Office_Council" security group as well as several others, and it seems that any newly created security groups do not work.  The old group work fine, but new ones don't.

Question by:dwstovall
    LVL 9

    Expert Comment

    When you created that group, did you add it to any other security group?  If you have it nested with another group, you can get some wierd errors.
    LVL 9

    Expert Comment

    By the way, I didn't see where you mentioned what OS you were using for the AD environment.  Could you provide that to prevent any assuming?  Thanks dwstovall.
    LVL 30

    Accepted Solution

    If I'm reading your description correctly, you changed the users' group memberships to reflect the newly-created group?  If so, did you have the users log out and log back in prior to attempting access?  This is required to see changes in permissions anytime a user is added to or removed from a group.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Join & Write a Comment

    Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
    Article by: btan
    The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now