smastror
asked on
Clarification of Folder Permissions
I am still having problems with the folder permissions. My folder setup again is as follows....
Parent Folder
Sharing - Admin = Full Permission, Domain Admin = Full Permission, Domain Users = Read Permissions
Security - Admin = Full Permission, Domain Admin = Full Permission, Domain Users = Read & Execute, List Folder, Read Permissions
Sub Folder
Sharing - Admin = Full Permission, Domain Admin = Full Permission, Group A = Read Permissions
Security - Admin = Full Permission, Domain Admin = Full Permission, Group A = Modify, Read & Execute, List Folder, Read, Write Permissions
When I login as a user in Group A, I can see the subfolder and access the subfolder, however I cannot create a folder, or file - Access Denied. I had even given Group A full permission for both sharing and security, and still received the Access Denied when I tried to create a folder or file as a user in Group A.
Also, at no level has the deny right been selected.
If anyone can assist me with this, it would be greatly appreciated.
Parent Folder
Sharing - Admin = Full Permission, Domain Admin = Full Permission, Domain Users = Read Permissions
Security - Admin = Full Permission, Domain Admin = Full Permission, Domain Users = Read & Execute, List Folder, Read Permissions
Sub Folder
Sharing - Admin = Full Permission, Domain Admin = Full Permission, Group A = Read Permissions
Security - Admin = Full Permission, Domain Admin = Full Permission, Group A = Modify, Read & Execute, List Folder, Read, Write Permissions
When I login as a user in Group A, I can see the subfolder and access the subfolder, however I cannot create a folder, or file - Access Denied. I had even given Group A full permission for both sharing and security, and still received the Access Denied when I tried to create a folder or file as a user in Group A.
Also, at no level has the deny right been selected.
If anyone can assist me with this, it would be greatly appreciated.
I'd recommend granting full access on the share permissions to the "Group A", then control all of the access through the NTFS security
If you are accessing the sub-folder directly then the SHARE permissions of the parent have no effect - you are not accessing via the parent.
If you go directly to the sub-folder share then Group A has only read permissions on the share, and therefore Access is denyed when you attempt to create a new folder.
If you go directly to the sub-folder share then Group A has only read permissions on the share, and therefore Access is denyed when you attempt to create a new folder.
ASKER
KCTS, I had previously given Group A full access for both the Share and Security for the subfolder, and still could not create folders or files - Access Denied. I just tried this again, with Group A having Full Access for Share and Security, still access denied.
log off then back on as a user in group A, still the same?
Try applying the permissions to a specific user / test account that's not in Group A. Still the same?
Try applying the permissions to a specific user / test account that's not in Group A. Still the same?
When changing group membership permissions, you need to log off and log in for changes to take effect. Microsoft best practice is to give authenticated users full share control and use NTFS permissions to lock it down.
NTFS uses the most restrictive set of permissions.
NTFS uses the most restrictive set of permissions.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you for all your help. The shares are setup properly now.