Access Denied on SBS 2003 while effective permissions shows full control

I am creating two groups of users. The point of the two groups is so that one has full access to a particular folder while another only has list/read/execute access (admin / restricted user).

So far I've created the main folder and all sub folders inside of it. My problem is that the admin users are unable to write to these folders. They are unable to copy anything to these folders or create new folders. When I check out effective permissions, they have full control of the folder and all sub folders. I checked out the effective permissions for both the specific user and the group. Both have full control of the folder and sub folders.

All of the users from these two groups will be logging into the SBS remotely. I tried to log in locally and it came up with an error about local policy denies access to log in interactively. I'm not sure if this is what would deny them access. If so, how do I fix it.

I do realize that one deny access controls over all allows. Where do I go to start troubleshooting this problem.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Looks like Your Folder is inheriting permissions from somewhere (probably root of the Share or Drive). What you need to do is to remove the "Inherit Permissions" Check Box. Recreate the acl and I bet it will work just fine after you clear the Inheriting permissions.

There is a Sysinternal Tool called AccessEnum which will evaluate the NTFS permissons and will tell you what is going wrong.

Here is the link for that:


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
On a side note, the access denied for interactive login is different and unrelated to your folder problem.

The toll above will help you narrow it down.

Have you got the folder in question inheriting rights, or did you remove that option?  I normally remove inherited rights as the first step when configuring a specific requirement, and then adding the groups and rights accordingly after that.

Where are you checking the effective rights?  What about the parent folder, it might be they have the correct effective permissions 1 folder up from parent, but tehy don't actually have the necessary permission to access parent hence access denied.  Just a thought.
JohnnyBCJAuthor Commented:
I believe I figured this out.

There is a difference between file permissions and shared folder permissions.

Originally the folder wasn't going to be a shared folder. After trying everything I could think of, I decided to make it a shared folder. I still got access denied. It now works after I added the admin/normal user group to the shared folder permissions.

Thanks for your help guys.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.