[Webinar] Streamline your web hosting managementRegister Today

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 874
  • Last Modified:

Access Denied on SBS 2003 while effective permissions shows full control

I am creating two groups of users. The point of the two groups is so that one has full access to a particular folder while another only has list/read/execute access (admin / restricted user).

So far I've created the main folder and all sub folders inside of it. My problem is that the admin users are unable to write to these folders. They are unable to copy anything to these folders or create new folders. When I check out effective permissions, they have full control of the folder and all sub folders. I checked out the effective permissions for both the specific user and the group. Both have full control of the folder and sub folders.

All of the users from these two groups will be logging into the SBS remotely. I tried to log in locally and it came up with an error about local policy denies access to log in interactively. I'm not sure if this is what would deny them access. If so, how do I fix it.

I do realize that one deny access controls over all allows. Where do I go to start troubleshooting this problem.
2 Solutions
Looks like Your Folder is inheriting permissions from somewhere (probably root of the Share or Drive). What you need to do is to remove the "Inherit Permissions" Check Box. Recreate the acl and I bet it will work just fine after you clear the Inheriting permissions.

There is a Sysinternal Tool called AccessEnum which will evaluate the NTFS permissons and will tell you what is going wrong.

Here is the link for that: http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx

On a side note, the access denied for interactive login is different and unrelated to your folder problem.

The toll above will help you narrow it down.

Have you got the folder in question inheriting rights, or did you remove that option?  I normally remove inherited rights as the first step when configuring a specific requirement, and then adding the groups and rights accordingly after that.

Where are you checking the effective rights?  What about the parent folder, it might be they have the correct effective permissions 1 folder up from parent, but tehy don't actually have the necessary permission to access parent hence access denied.  Just a thought.
JohnnyBCJAuthor Commented:
I believe I figured this out.

There is a difference between file permissions and shared folder permissions.

Originally the folder wasn't going to be a shared folder. After trying everything I could think of, I decided to make it a shared folder. I still got access denied. It now works after I added the admin/normal user group to the shared folder permissions.

Thanks for your help guys.


Featured Post

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now