Solved

Users with full control and full share permissions can't write to shared folder

Posted on 2010-11-09
10
5,155 Views
Last Modified: 2012-05-10
Greetings,

I have a weird problem that occurred during migration of file server. We had old file server Windows 2003 which we migrated to Windows 2008 Server R2. The problem is some of the shared folders are shared with full permissions for the users (NTFS and shared permissions are configured correctly), but users CAN access the files but CAN'T write to shared folder. We tried to remove all permissions and add them again manually but it still doesn't work like it should. So any suggestions would be welcome. I'm running blind in this case. The effective permissions for all users are Full Control. When we added a new test user to same share directory, the user could write to the shared folder.

Thanks in advance.

If you need any further information let me know.
0
Comment
Question by:Dewiced
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
10 Comments
 
LVL 4

Expert Comment

by:Antyrael
ID: 34091791
This sounds weird, but have you tried removing the specific groups from a user, apply the changes, then add the group(s) again?
You may want to do this in 2 steps:
1) remove group(s) from a user, logout and back in again,
2) add user to the group(s) again, logout and back in again.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34091852
You can use Accessenum & sharenum too to verify the permission on the folder.

Try to take the ownership of the folder,define the access again,see if it works.

http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx

http://www.softpedia.com/get/Security/Security-Related/ShareEnum.shtml
0
 
LVL 1

Author Comment

by:Dewiced
ID: 34091995
Antyrael: A new group was created and permissions were assigned to that group. To no effect. Logoff, Login didn't make any difference

Awinish: accessenum, shareenum show the same permission model. Ownership was taken and access granted. Didn't work.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 24

Expert Comment

by:Awinish
ID: 34092022
If you create a new folder & give user access, if it works i can think of file/folder corruption.

Can you check permission on root drive which is inheriting to other folders?
0
 
LVL 6

Expert Comment

by:nsonbaty
ID: 34092280
What is your AD OS version, is it 2008 r2 or still 2003
0
 
LVL 6

Expert Comment

by:nsonbaty
ID: 34099889
try to remove the inheritance option and copy the permission, and then re-add the permissions on all folders
0
 
LVL 39

Accepted Solution

by:
ChiefIT earned 500 total points
ID: 34109481
Are these distributive file shares with read only permissions on the DFS namespace. Read only is the default configuration of a DFS share namespace. So, when setting up a namespace you have to MANUALLY configure the namespace to have full permissions for the share permissions.

Also if the users is an authenticated user on the share and inhereted permissions from the parent share has read only permissions for authenticated users, while you add that user to have full permission, the share permissions will take the LESSER of the two permissions. So, you may have conflicting shares. So, as a general practice, when setting up shares is I break inhereted permissions. Then, I fill out my share permissions all the way until I get to the User's individual files. Then, that users will be the only one to use the file.

Sounds like you have one of two scenarios:
1) read only distributive file share namespace
2) inhereted permissions from the parent folder that have less permissions than full control.

Both of these will show effective permissions to be full control for the users, BUT you will get read only on the file folder because it's taking the lesser of the two permissions on the share permissions, since their GROUP permissions override their personal permissions.
0
 
LVL 1

Author Closing Comment

by:Dewiced
ID: 34109826
Solved

Problem was with inheritance permissions since folders were part of already shared folder.

Thanks for all your time and help.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34109893
ChiefIT: too Good..:)
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 34117248
LOL Awnish:

Thanks. (I ran into this myself a whil ago. It took me a week to sort out all of our shares, break inheretance, and remove all the inhereted permissions for it to work right).
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question