Solved

Users with full control and full share permissions can't write to shared folder

Posted on 2010-11-09
10
3,799 Views
Last Modified: 2012-05-10
Greetings,

I have a weird problem that occurred during migration of file server. We had old file server Windows 2003 which we migrated to Windows 2008 Server R2. The problem is some of the shared folders are shared with full permissions for the users (NTFS and shared permissions are configured correctly), but users CAN access the files but CAN'T write to shared folder. We tried to remove all permissions and add them again manually but it still doesn't work like it should. So any suggestions would be welcome. I'm running blind in this case. The effective permissions for all users are Full Control. When we added a new test user to same share directory, the user could write to the shared folder.

Thanks in advance.

If you need any further information let me know.
0
Comment
Question by:Dewiced
  • 3
  • 2
  • 2
  • +2
10 Comments
 
LVL 4

Expert Comment

by:Antyrael
ID: 34091791
This sounds weird, but have you tried removing the specific groups from a user, apply the changes, then add the group(s) again?
You may want to do this in 2 steps:
1) remove group(s) from a user, logout and back in again,
2) add user to the group(s) again, logout and back in again.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34091852
You can use Accessenum & sharenum too to verify the permission on the folder.

Try to take the ownership of the folder,define the access again,see if it works.

http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx

http://www.softpedia.com/get/Security/Security-Related/ShareEnum.shtml
0
 
LVL 1

Author Comment

by:Dewiced
ID: 34091995
Antyrael: A new group was created and permissions were assigned to that group. To no effect. Logoff, Login didn't make any difference

Awinish: accessenum, shareenum show the same permission model. Ownership was taken and access granted. Didn't work.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34092022
If you create a new folder & give user access, if it works i can think of file/folder corruption.

Can you check permission on root drive which is inheriting to other folders?
0
 
LVL 6

Expert Comment

by:nsonbaty
ID: 34092280
What is your AD OS version, is it 2008 r2 or still 2003
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 6

Expert Comment

by:nsonbaty
ID: 34099889
try to remove the inheritance option and copy the permission, and then re-add the permissions on all folders
0
 
LVL 38

Accepted Solution

by:
ChiefIT earned 500 total points
ID: 34109481
Are these distributive file shares with read only permissions on the DFS namespace. Read only is the default configuration of a DFS share namespace. So, when setting up a namespace you have to MANUALLY configure the namespace to have full permissions for the share permissions.

Also if the users is an authenticated user on the share and inhereted permissions from the parent share has read only permissions for authenticated users, while you add that user to have full permission, the share permissions will take the LESSER of the two permissions. So, you may have conflicting shares. So, as a general practice, when setting up shares is I break inhereted permissions. Then, I fill out my share permissions all the way until I get to the User's individual files. Then, that users will be the only one to use the file.

Sounds like you have one of two scenarios:
1) read only distributive file share namespace
2) inhereted permissions from the parent folder that have less permissions than full control.

Both of these will show effective permissions to be full control for the users, BUT you will get read only on the file folder because it's taking the lesser of the two permissions on the share permissions, since their GROUP permissions override their personal permissions.
0
 
LVL 1

Author Closing Comment

by:Dewiced
ID: 34109826
Solved

Problem was with inheritance permissions since folders were part of already shared folder.

Thanks for all your time and help.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34109893
ChiefIT: too Good..:)
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 34117248
LOL Awnish:

Thanks. (I ran into this myself a whil ago. It took me a week to sort out all of our shares, break inheretance, and remove all the inhereted permissions for it to work right).
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now