Clarification of Folder Permissions

I am still having problems with the folder permissions.  My folder setup again is as follows....
Parent Folder
Sharing - Admin = Full Permission, Domain Admin = Full Permission, Domain Users = Read Permissions
Security - Admin = Full Permission, Domain Admin = Full Permission, Domain Users = Read & Execute, List Folder, Read Permissions

Sub Folder
Sharing - Admin = Full Permission, Domain Admin = Full Permission, Group A = Read Permissions
Security - Admin = Full Permission, Domain Admin = Full Permission, Group A = Modify, Read & Execute, List Folder, Read, Write Permissions

When I login as a user in Group A, I can see the subfolder and access the subfolder, however I cannot create a folder, or file - Access Denied.  I had even given Group A full permission for both sharing and security, and still received the Access Denied when I tried to create a folder or file as a user in Group A.

Also, at no level has the deny right been selected.

If anyone can assist me with this, it would be greatly appreciated.
smastrorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tsun4mi7Commented:
I'd recommend granting full access on the share permissions to the "Group A", then control all of the access through the NTFS security
0
Brian PiercePhotographerCommented:
If you are accessing the sub-folder directly then the SHARE permissions of the parent have no effect - you are not accessing via the parent.

If you go directly to the sub-folder share then Group A has only read permissions on the share, and therefore Access is denyed when you attempt to create a new folder.
0
smastrorAuthor Commented:
KCTS, I had previously given Group A full access for both the Share and Security for the subfolder, and still could not create folders or files - Access Denied.  I just tried this again, with Group A having Full Access for Share and Security, still access denied.

0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Tsun4mi7Commented:
log off then back on as a user in group A, still the same?

Try applying the permissions to a specific user / test account that's not in Group A. Still the same?
0
jjmartineziiiCommented:
When changing group membership permissions, you need to log off and log in for changes to take effect. Microsoft best practice is to give authenticated users full share control and use NTFS permissions to lock it down.

NTFS uses the most restrictive set of permissions.
0
AmericomCommented:
If you adjust the permissions for GroupA on the shared folder, no need to logoff and back in. It should be applied immediately.

If you access the share by \\ServerName\MainFolderShareName\SubFolderShareName\, you would have no permission to create folder or file due to the most restrictive of share&NTFS on the shared MainFolder which is READ.

If you access the share by \\ServerName\SubFolderDShareName\, you would still have NO permission to create folder or file due to the most restrictive of share&NTFS on the shared SubFolder which is READ.

So, if you had previously given Group A full access for both the Share and Security for the subfolder, you should be able to create file or folder if you access via \\ServerName\SubFolderDShareName\ but NOT via \\ServerName\MainFolderShareName\SubFolderShareName\.

This means normally you would stay away from Share within a Share unless your main folder already created and has became quite large and the subfolder you only want to share with a different group of user and would not want to pull it out of the main foler. Otherwise, you should create share only on the MainFolder as:
MainFolder
Share--Everyone or Authenticated Users, sometime Domain Users(Full)
Security--Group(s) that manage the filesystem (Full), Domain Users (RX)

SubFolder
Security--Group(s) that manage the filesystem (Full) & Domain Users (RX)[ should be inherited], GroupA (M)

Should never grant permission with individual account. Always use Group, yes even only one account.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
smastrorAuthor Commented:
Thank  you for all your help.  The shares are setup properly now.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.