Solved

Users with full control and full share permissions can't write to shared folder

Posted on 2010-11-09
10
4,090 Views
Last Modified: 2012-05-10
Greetings,

I have a weird problem that occurred during migration of file server. We had old file server Windows 2003 which we migrated to Windows 2008 Server R2. The problem is some of the shared folders are shared with full permissions for the users (NTFS and shared permissions are configured correctly), but users CAN access the files but CAN'T write to shared folder. We tried to remove all permissions and add them again manually but it still doesn't work like it should. So any suggestions would be welcome. I'm running blind in this case. The effective permissions for all users are Full Control. When we added a new test user to same share directory, the user could write to the shared folder.

Thanks in advance.

If you need any further information let me know.
0
Comment
Question by:Dewiced
  • 3
  • 2
  • 2
  • +2
10 Comments
 
LVL 4

Expert Comment

by:Antyrael
ID: 34091791
This sounds weird, but have you tried removing the specific groups from a user, apply the changes, then add the group(s) again?
You may want to do this in 2 steps:
1) remove group(s) from a user, logout and back in again,
2) add user to the group(s) again, logout and back in again.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34091852
You can use Accessenum & sharenum too to verify the permission on the folder.

Try to take the ownership of the folder,define the access again,see if it works.

http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx

http://www.softpedia.com/get/Security/Security-Related/ShareEnum.shtml
0
 
LVL 1

Author Comment

by:Dewiced
ID: 34091995
Antyrael: A new group was created and permissions were assigned to that group. To no effect. Logoff, Login didn't make any difference

Awinish: accessenum, shareenum show the same permission model. Ownership was taken and access granted. Didn't work.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 24

Expert Comment

by:Awinish
ID: 34092022
If you create a new folder & give user access, if it works i can think of file/folder corruption.

Can you check permission on root drive which is inheriting to other folders?
0
 
LVL 6

Expert Comment

by:nsonbaty
ID: 34092280
What is your AD OS version, is it 2008 r2 or still 2003
0
 
LVL 6

Expert Comment

by:nsonbaty
ID: 34099889
try to remove the inheritance option and copy the permission, and then re-add the permissions on all folders
0
 
LVL 38

Accepted Solution

by:
ChiefIT earned 500 total points
ID: 34109481
Are these distributive file shares with read only permissions on the DFS namespace. Read only is the default configuration of a DFS share namespace. So, when setting up a namespace you have to MANUALLY configure the namespace to have full permissions for the share permissions.

Also if the users is an authenticated user on the share and inhereted permissions from the parent share has read only permissions for authenticated users, while you add that user to have full permission, the share permissions will take the LESSER of the two permissions. So, you may have conflicting shares. So, as a general practice, when setting up shares is I break inhereted permissions. Then, I fill out my share permissions all the way until I get to the User's individual files. Then, that users will be the only one to use the file.

Sounds like you have one of two scenarios:
1) read only distributive file share namespace
2) inhereted permissions from the parent folder that have less permissions than full control.

Both of these will show effective permissions to be full control for the users, BUT you will get read only on the file folder because it's taking the lesser of the two permissions on the share permissions, since their GROUP permissions override their personal permissions.
0
 
LVL 1

Author Closing Comment

by:Dewiced
ID: 34109826
Solved

Problem was with inheritance permissions since folders were part of already shared folder.

Thanks for all your time and help.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34109893
ChiefIT: too Good..:)
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 34117248
LOL Awnish:

Thanks. (I ran into this myself a whil ago. It took me a week to sort out all of our shares, break inheretance, and remove all the inhereted permissions for it to work right).
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As technology users and professionals, we’re always learning. Our universal interest in advancing our knowledge of the trade is unmatched by most industries. It’s a curiosity that makes sense, given the climate of change. Within that, there lies a…
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question