Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6435
  • Last Modified:

Users with full control and full share permissions can't write to shared folder

Greetings,

I have a weird problem that occurred during migration of file server. We had old file server Windows 2003 which we migrated to Windows 2008 Server R2. The problem is some of the shared folders are shared with full permissions for the users (NTFS and shared permissions are configured correctly), but users CAN access the files but CAN'T write to shared folder. We tried to remove all permissions and add them again manually but it still doesn't work like it should. So any suggestions would be welcome. I'm running blind in this case. The effective permissions for all users are Full Control. When we added a new test user to same share directory, the user could write to the shared folder.

Thanks in advance.

If you need any further information let me know.
0
Dewiced
Asked:
Dewiced
  • 3
  • 2
  • 2
  • +2
1 Solution
 
AntyraelCommented:
This sounds weird, but have you tried removing the specific groups from a user, apply the changes, then add the group(s) again?
You may want to do this in 2 steps:
1) remove group(s) from a user, logout and back in again,
2) add user to the group(s) again, logout and back in again.
0
 
AwinishCommented:
You can use Accessenum & sharenum too to verify the permission on the folder.

Try to take the ownership of the folder,define the access again,see if it works.

http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx

http://www.softpedia.com/get/Security/Security-Related/ShareEnum.shtml
0
 
DewicedAuthor Commented:
Antyrael: A new group was created and permissions were assigned to that group. To no effect. Logoff, Login didn't make any difference

Awinish: accessenum, shareenum show the same permission model. Ownership was taken and access granted. Didn't work.
0
Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

 
AwinishCommented:
If you create a new folder & give user access, if it works i can think of file/folder corruption.

Can you check permission on root drive which is inheriting to other folders?
0
 
nsonbatyCommented:
What is your AD OS version, is it 2008 r2 or still 2003
0
 
nsonbatyCommented:
try to remove the inheritance option and copy the permission, and then re-add the permissions on all folders
0
 
ChiefITCommented:
Are these distributive file shares with read only permissions on the DFS namespace. Read only is the default configuration of a DFS share namespace. So, when setting up a namespace you have to MANUALLY configure the namespace to have full permissions for the share permissions.

Also if the users is an authenticated user on the share and inhereted permissions from the parent share has read only permissions for authenticated users, while you add that user to have full permission, the share permissions will take the LESSER of the two permissions. So, you may have conflicting shares. So, as a general practice, when setting up shares is I break inhereted permissions. Then, I fill out my share permissions all the way until I get to the User's individual files. Then, that users will be the only one to use the file.

Sounds like you have one of two scenarios:
1) read only distributive file share namespace
2) inhereted permissions from the parent folder that have less permissions than full control.

Both of these will show effective permissions to be full control for the users, BUT you will get read only on the file folder because it's taking the lesser of the two permissions on the share permissions, since their GROUP permissions override their personal permissions.
0
 
DewicedAuthor Commented:
Solved

Problem was with inheritance permissions since folders were part of already shared folder.

Thanks for all your time and help.
0
 
AwinishCommented:
ChiefIT: too Good..:)
0
 
ChiefITCommented:
LOL Awnish:

Thanks. (I ran into this myself a whil ago. It took me a week to sort out all of our shares, break inheretance, and remove all the inhereted permissions for it to work right).
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

  • 3
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now