Solved

Permissions on shares

Posted on 2011-03-02
95
895 Views
Last Modified: 2012-05-11
Hi all,

I'm having some issues granting permissions to a share and can't figure out what is going on.

Windows SBS 2003 by the way.

I created a share on this box, granted access to those who needed it.  Those all need "Full Control".  Although I have selected this in everyway I can find, there are still issues.

For example one user can create a folder within the share, the properties says she "Owns" it but when you look at permissions for her, there are none.  This is immediately after creating the folder within the share.  

Then others have had issues where they can get to the share, a folder within the share, a file within that but can't open the file.

Could any of this be due to not correctly setting permissions to begin with, then the first user creating folders within the share before those permissions were properly set?

I guess what I am asking is this.  When creating a share and allowing only certain users to access it, what default setting would allow everyone I give access to that share "Full Control"?

It's like some can get part way through the share while others can get all the way.  Then the perons who created the folder within the share doesn't have access by default for some reason.

0
Comment
Question by:macwalker1
  • 36
  • 30
  • 18
  • +2
95 Comments
 
LVL 3

Expert Comment

by:4runnerfun
Comment Utility
Are you setting just NTFS permissions or Share Permissions or Both? For a share, you should do both.
0
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
Remember that Share permissions do not always match NTFS permissions.  Are you granting permissions from the Share tab or from the Security tab?  Most Admins will go with Authenticated Users Full on the Share and then define NTFS in a more granular fashion.

DrUltima
0
 

Author Comment

by:macwalker1
Comment Utility
Both.  It's driving me nuts.  I'll get a screen shot if that will help.
0
 
LVL 32

Expert Comment

by:it_saige
Comment Utility
Share permissions and File/Folder permissions are two different animals.  For share permissions, you should give Full Control to All Users, regardless of whether they need access to the share or not.  Then at the File/Folder level you should set the permissions so that users have the appropriate permissions.  I usually recommend using groups as opposed to user specific security permissions as it makes it easier to manage the permissions.  Also, one thing to remember is that as you add security permissions for users (into groups or onto folders/files) those users will need to logout and log back in so that their security token is regenerated to include the new access provided.

HTH,

-saige-
0
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
I respectfully disagree with 4runnerfun.  Setting permissions at both the Share and NTFS level frequently has unintended consequences.  Choose one or the other.  Because NTFS is much more versatile, open up Share level permissions (and I choose generally Authenticated Users rather than Everyone, as saige suggests) and use NTFS to control who gets what...

DrUltima
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
OK, I think you may be confusing Share Permissions and NTFS (security tab) permissions.

I generally apply Everyone Change as share permission and then use NTFS to ant access to the actual files/folders.
0
 

Author Comment

by:macwalker1
Comment Utility
Ok hang on just a second.  

On the "Share" part of this I have it set to "Full Control" for the administrator and all three users that need full control.

On the "Security" tab all is the same.  

Does "inheritable permissions" apply here?
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 250 total points
Comment Utility
>>On the "Share" part of this I have it set to "Full Control" for the administrator and all three users that need full control

Nope, give Administrators or Domain Admins full controll and then give Everyone or Authenticated users (whichever you prefer) Change.

Then on NTFS apply Domain Admins = Full and then the users you want to have access give them the rights you want to give them ;)

The most restrictive combination will always win.  That's why I open it all up wth shares and then lock it back down with NTFS.
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
Think of it like this.

You give everyone access to a museum (share permissions) and then you lock the doors they are not allowed in to (NTFS) or give them the keys (NTFS) to the rooms.
0
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
As a point of clarification....

Domain Admins SHOULD be a member of the local Administrators group on a Member Server.  Because of this, I generally recommend using the local Administrators group have Full control on the NTFS perms rather than specifying Domain Admins....  Inheritance should take care of that for you, but if not done this way, you may not have access to it if it loses connectivity with the domain for some reason.

Other than that, I agree with my esteemed colleague, demazter...

DrUltima
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility

Absolutely agree with DrUltima, the only thing I would say is that SBS is a domain controller, so no local administrators ;)
0
 

Author Comment

by:macwalker1
Comment Utility
Ok I have applied all your suggestions, now the users need to log off and back on for this to take effect?
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
they shouldn't do in theory, but if it's not working then yes that's the first step to take.
0
 

Author Comment

by:macwalker1
Comment Utility
Ok I'm having them do that now.  Ha...forgot to tell them I was in the middle of all this....just got a call: "Hey I'm having problems with my signatures folder!"  lol  Guess I should have told them I was workin'!
0
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
Depends on the client.... New Windows OS will authenticate each time a resource is accessed.  Older ones (Windows XP and older) tend to do an initial handshake with a resource and not let go.  More often than not, they will require a log out/log on.

Forgot it was SBS.  Scratch my comment http:#a35020747, unless dealing with Standard or Enterprise... :)

DrUltima
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
Yeah, that will do it ;) communication is key when making changes :D
0
 

Author Comment

by:macwalker1
Comment Utility
Well guys that was a big flop.  One user can get into the folder but can't do anything once she gets there and the other cant' even access it:  ACCESS DENIED!
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
OK, you want to post a screenshot of what you have setup??  Both Share and NTFS tab please.
0
 

Author Comment

by:macwalker1
Comment Utility
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
On the Share tab if you highlight Authenticated Users and Everyone what check boxes do you have?
0
 

Author Comment

by:macwalker1
Comment Utility
0
 
LVL 31

Assisted Solution

by:DrUltima
DrUltima earned 250 total points
Comment Utility
Change the Deny to Allow...

In other words, UNCHECK Deny and CHECK Allow....
0
 

Author Comment

by:macwalker1
Comment Utility
When I selected "Change" it selected "Read" in the deny column as well.
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
There is your problem, they are in the deny box, they need to be in the allow or they wont get access.

Deny ALWAYS wins.
0
 

Author Comment

by:macwalker1
Comment Utility
Both?
0
 

Author Comment

by:macwalker1
Comment Utility
Ok I misunderstood the earlier post.  That didn't make sense to me. lol
0
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
Yes, for both... Never Deny from SHARE permissions.
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
Doesn't matter what you do if you set DENY it always wins.
0
 

Author Comment

by:macwalker1
Comment Utility
Yeah so I see. lol.  When I read the part way at the first about "Change" etc I clearly muffed that up.

Now should anything about inheritable permissions be messed with?

FYI the users are telling me they are good now.
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
Inheritable permissions are only really valid if you turn inheritance off or remove the inherited permissions that are already there, by default the permissions cascade down the tree.
0
 

Author Comment

by:macwalker1
Comment Utility
I'm sorry but that can be so freakin' confusing.  I just wanted these three people to be able to read, write, change etc.  Just those three freakin' people.  

So to recap, give "Everyone" access to the share, then decide who gets what on the "Securities" part of it all?
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
That looks perfect :)
0
 

Author Comment

by:macwalker1
Comment Utility
Ok guys I appreciate it.  Sorry you guys will real IT degrees and oodles of "sperience" have to lugg we hangers on around.  I kinda "fell" into this so I'm trying to make a career out of it!  I don't really have time to go to school full time with a family now.

Why didn't someone tell me about this BEFORE I had kids! I could be making the big bucks like you guys!  At least minimum wage!

I could keep you guys busy by myself let alone the other million folks on here.
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
We are here to help, and enjoy these types of threads so don't worry about that.

There are some amazing people on these forums and you can get pretty much any question you like answered.

It's a great way to learn.
0
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
Hey... For what it is worth, my degree is Music Education and working on a masters in Pastoral Counseling....  Should give you hope on being able to learn this stuff.  And, like dematzer said, if you struggle, just ask around...  Chances are that someone else has dealt with it before.

DrUltima
0
 

Author Comment

by:macwalker1
Comment Utility
I second that.  I can learn a ton just by poking around but when there's so many folks been there before I don't see a point in banging my head against a wall too long.  I love to figure something out but man there's some things that you just have to know the base things before you can do the others.

Feels like Algebra....10th grade..."F"....after making a "B" I never knew what I missed but it was certainly "key" lol.  

So I'm applying what I have learned here to another share that I just created with an Excel file in it that 5 people need to access, add to and change etc.  So all that I  learned here should apply there as well, correct?
0
 

Author Comment

by:macwalker1
Comment Utility
Ohh by the way, does the "owner" of the object matter here?  If user one creates a folder within this share, does everyone else automatically have the permission needed here?  Or does she have to create the folder then give permissions?
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
yes it should, with the exception........

Me, personally, and DrU may or may not agree....

Create one share. and give everyone access to it, don't create any security permissions.

Then create folders under that shared folder and apply the appropriate NTFS permissions there.

This way you only have one share, or as I like to refer to it, a single point of entry.

And you can say, "oh yeah, go to the J Drive and then such and such a folder"
it's always the J Drive, it's not a different share for each resource.

Makes it much tidier and easier to manage.  Plus if you look at museums, they only have one front door, there's a reason for that ;)
0
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
Sounds good... I will say this, and it was mentioned earlier by it_saige, the more you do this, the more you will find value in creating groups and managing permissions that way.  If a user needs access to that Excel file in the future, all you have to do is add them to that group, rather than to in and modify the permissions again.  If they change jobs and should not have access to that Excel file, then you just remove them from the group, rather than going in and changing permissions.  It is easier to maintain group memberships, normally, than it is to maintain multiple permission sets for shares.

DrUltima
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
The OWNER permission only really comes in to effect if you have CREATOR OWNER type drop boxes where only the person who DROPS the file can see/read/change it.
0
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
In a small environment, I agree with the single share approach, and since SBS is almost always a small environment, I will agree here. :)
0
 
LVL 32

Expert Comment

by:it_saige
Comment Utility
Also remember (I sorta skimmed once I saw this no-no).  Denying a permission take precedence over allowing a permission.  

In this sense, denying says "no, never, always" no matter how much you say "yes, do it now, always".  If you simply leave a permission (whether a share/NTFS/AD, etc.) uncheck, the system just simply says you don't have access to this, but if you deny a permission, that permission is denied by way of your inheritance structure, even if you explicitly say to allow it later on in the share/NTFS/AD structure.

As dmazter stated earlier (which I really liked his analogy).  You set All Users/Authenticated Users/Everyone with (Full Share Access or Change Access) to let them in the door of the museum.  But then use NTFS to decide what doors in the museum are accessible - i.e.:
Bathrooms [NTFS <Everyone - Full Control>]
Archives [NTFS <Everyone - No Control (not denied)>, <Archive Group - Full Control>]
Exhibit 1 [NTFS <Everyone - Read Access>, <School Group - Modify Access>, <Exibit Maintenance Group - Full Control>]

HTH,

-saige-
0
 

Author Comment

by:macwalker1
Comment Utility
There's hope then if you're coming from the Pastoral Counseling angle.  I have an Assoc. Degree in Arts...yep I was going to be a "Rock Star" artist of some kind.  Man I didnt even own a computer in'95 when I go that degree!  

The groups thing has always puzzled me.  I can see it in theory but the last time I did a group thing I applied it domain wide and screwed all kinds of stuff up that even the admin couldn't fix ad first!
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
Groups work in the same way as permissions.

If you look back at the Museum analogy.

You have Curators, Security, Visitors

Curators always get the same set of keys
Security always get the same set of keys
Visitors always get the same set of keys

Then you just tell the system what those keys can get in to ;)
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
Forgot to say that if a Curator changes their job to a security guard for a week then you can either add them to both groups to give them access to the combined rooms or move them from the curators group to the security group to give them only access to the security guards rooms.
0
 

Author Comment

by:macwalker1
Comment Utility
That analogy was great.  It really helped me understand the "flow" of it all.  I'm always weary here that something that was done before I came on the scene is undoing or affecting something I am doing now.

That analogy is somewhat like the one I used with the mgr here about how doing anything other than a full back up meant that at some point you had to have a full to apply the diff or incremental to.  

The only way I could get them to understand is by saying the full was like having the whole house,  the diff was like making a copy of the top floor at a certain point in time.  That top half didn't do you any good if you didn't have the bottom half to stick the top onto if the top half got knocked off at some point.  Not as eloquent as the museum analogy but it got the point through to the mgmnt. lol
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:macwalker1
Comment Utility
What is the most effective approach to take in creating a "Group Policy" in SBS.  For instance if I wanted to create a "Group" that has access to the Excel file I mentoned earlier, how would I best accomplish that?  I have those 5 people that need to access, read, write, change, save and all such as that.
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
>>The only way I could get them to understand is by saying the full was like having the whole house

You can actually use the museum here too.

Imagine, you have an empty museum on Monday, you've loaned all the art out, so you take a backup.

On Wednesday you take a differential backup after a delivery of some famour artifacts.

The museum burns down on Thursday, to get it back you have to rebuild the museum with Monday's full backup then apply Wednesdays differential backup, you won't get all the artifacts back unless you apply both.  And the artifacts will have nowhere to go if you don't apply Mondays backup first.
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
I am not sure you mean Group Policy here?  What exactly are you refering to when you say "Group Policy"?
0
 

Author Comment

by:macwalker1
Comment Utility
Sorry DrUltima.  Will do.  

damazler and all else thanks for your help.  I'll award and close.
0
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
You create a group called "ExcelFileAccess" or something which matches your own naming convention.  You add those five members to the group from ADUC (Active Directory Users and Computers).  You give that group, rather than the five individuals, the access to the Excel file.  It is an extra step in the setup (creating the group and adding the members), but in the long run it should be easier to maintain.  To use the Museum analogy...

You have a new wing of Modern Art (the file)...  You create a new key for that wing (the group).  You give the key to your give modern art admins (the members of the group).  Now, instead of changing the lock to the exhibit when Bob switch from Modern Art to Cave Drawings, all you do is take his key (remove him from the group).
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
ahem.......SBS......Please use the wizards to create Groups and Users........
0
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
Disregard my comment about closing due to group policy... Group Policy is actually a different technology in Active Directory, and I jumped there when I should not have.  Once I re-read your question and realized you were talking about share permissions, I deleted the admin comment.

DrUltima
0
 

Author Comment

by:macwalker1
Comment Utility
DrUltima where can i move this part to?
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
you can carry on here if you wish, myself and DrUltima will be sticking around ;)

Once it deviates too far away from the original question one or both of us will hint that a new question needs to be opened ;)
0
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
"DrUltima where can i move this part to?"

I am not sure I understand what you are asking.
0
 

Author Comment

by:macwalker1
Comment Utility
well I just want to follow the rules here. Thanks for understanding.

 I'm creating that group now.  ADUC>Right Click>New Group> then "Group Scope" "Group Type" and what should those settings be?
0
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
Global Security

My memory is not good enough to tell you how to do it from the SBS Wizard, and demazter reminded me.... :)

DrUltima
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
Ahem! Use the Serverf Manager wizards to create the groups!
0
 

Author Comment

by:macwalker1
Comment Utility
Then I want to add the members to the group through the "Properties" tab, correct?
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
correct, under Members.
0
 

Author Comment

by:macwalker1
Comment Utility
The who manager?
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
Server Manager (SHould be on the top of the Start button menu)
0
 

Author Comment

by:macwalker1
Comment Utility
Ok got my members in there and there are several other tabs to choose from.  Security tab next?
0
 
LVL 32

Expert Comment

by:it_saige
Comment Utility
The Scope determines where in the AD tree you want this group to be accessible:

http://technet.microsoft.com/en-us/library/cc755692(WS.10).aspx

Type signifies whether it will be a Security Group (NTFS) or distribution group (mainly for Exchange):

http://technet.microsoft.com/en-us/library/cc781446(WS.10).aspx

In general, you will want either Global or Domain Local as your scope (Universal would really be used in cases where you deal with multiple AD trees via Trust Relationships and such) and your type set to Security.  Distribution will only be used if you want to create an Exchange Distribution Group.

HTH,

-saige-
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
you don't need to do anything else with that group.

Make sure it's in the SBS Organisational Unit in Active Directory Users and Computers though MyBusiness >
Security Groups if you didn't use the wizard.
0
 
LVL 32

Expert Comment

by:it_saige
Comment Utility
Either I'm typing to slow or you guys are just typing too fast...  LOL...  I think I can safely bow out of this question now...

-saige-
0
 

Author Comment

by:macwalker1
Comment Utility
lol i think i'm slow!  

Ok it's in the SBS\MyBusiness\SecurityGroup....now how do I apply that to the "share"  that I want only this group to have access to?
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
you right click the folder or share and under the security tab add the group  and assign the permissions.
0
 

Author Comment

by:macwalker1
Comment Utility
Ok just like an individual user.  I just did that.  Now I can remove the members that I previously entered individually, correct?  As they are now covered by the "Group".
0
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
You apply the permissions to the shared folder just like you did the other one, only use the group instead of the five individual users' accounts.
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
correct :)
0
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
Refresh... Sorry.
0
 
LVL 32

Expert Comment

by:it_saige
Comment Utility
You could go through the same process as before when you assigned the users to the resource, via the Security Tab of the resource.  Do not add the group to the Share permissions as those are already set (again it comes down to inheritance).  [The users are members of groups, on of those groups is called Authenticated Users/All Users/Everyone.  One (or all) of these groups are already defined in the current share permissions.]

-saige-
0
 

Author Comment

by:macwalker1
Comment Utility
I think I have the gist of it now.  I am going to remove the individual entries and leave just the group and see if one can access it.
0
 
LVL 32

Expert Comment

by:it_saige
Comment Utility
@demazter - Hey, I'm just here to help, I never try to be a point monger, just try to ensure that the correct information is deciminated.  :)

-saige-
0
 
LVL 32

Expert Comment

by:it_saige
Comment Utility
Don't forget.  If they cannot, have them log out and then log back in, again this is to refresh the security token as their group membership has changed.

-saige-
0
 
LVL 32

Expert Comment

by:it_saige
Comment Utility
@demazter - I took it the way it was intended.  I did indeed take it as a compliment.  Now if only I could get to the point of setting that cool orange color against the heading...  ;)

-saige-
0
 

Author Comment

by:macwalker1
Comment Utility
Ok I realize I've dragged this dog through the mud enough lol.  My last attempt didn't work.  I removed the user individually and they are NOT a member of this new group I created but they can still access the share after a log off.  

I'll keep twiddling with it till I figure it out.  Kudos to all that have went through the mud along with me. lol
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
they will be able to access the share but they shouldn't be able to access any of the data.  Remember, museum door, office door.
0
 

Author Comment

by:macwalker1
Comment Utility
)(*#(*@*(&$@#*@{#_@  Hang on!
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
don't leave me here too long.......
 hanging on.
0
 

Author Comment

by:macwalker1
Comment Utility
They can still access the Excel file.  But tell me if this matters...this user is a member of the administrators group, will that play a role in this given domain admins etc earlier, last WEEK in this post I gave "domainadmins" "Full Control" on the share?
0
 

Author Comment

by:macwalker1
Comment Utility
LOL LOL LOL  
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
ahhh.......if they are a member of the Administrators group and you have given administrators full control then they will have access to the files.
0
 

Author Comment

by:macwalker1
Comment Utility
Ok..see how I can complicate the foooool out of something!?  I need to have someone that isn't a member of the admin group to try this.  
0
 

Author Comment

by:macwalker1
Comment Utility
DONE DONE DONE DONE.  
I got it.  That user being a member of the admin group through me.


Thanks guys.  I will be back at some point with another episode of "Complicate This" (How to complicate MS even more).  lol

Have a great evening guys and hope to poke your 6 figure brains again soon!  lol

0
 

Author Comment

by:macwalker1
Comment Utility
I know this is closed but I've got an issue, please help!!!!!!!

Came in the office this morning only to find that the main primary user can access all the folders but many of the files within those folders he is "Denied Access" as the pop up says.

I've checked the properties and it says he has full control even on the file he's trying to open.  He's a member of the administrators group as well, the new group you guys helped me create yesterday etc.  He's the ONLY one having an issue.  He's rebooted the workstation he's on.  

He's getting REALLY MAD can someone help me out here?  I can't figure this out for the life of me.  Everything matches up with others that have no issues.
0
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
OK...

1) Make sure you don't have any explicit DENYs, either in the SHARE or the NTFS permissions.  Deny ALWAYS wins over Grant, so even if an Admin, if he is in some group that is Denied, he will be Denied.

2) Make sure permission inheritance is working correctly.

If you could, please post a screencast (link below) of you going through:

1) Your user's group memberships
2) Your file folder's share permissions (all of them)
3) Your file folder's NTFS permissions (all of them)
4) The individual file's NTFS permissions (all of them)

If you can't do a screencast (video of your onscreen actions), then provide pictures of each of what was requested above.

DrUltima

PS, this is probably worth opening a new Question, but until you can do so, I will continue to monitor here.  I am going to be tied up all afternoon, though, so a new question which is not closed will generate more Expert traffic that this one. -DrU
0
 

Author Comment

by:macwalker1
Comment Utility
DrU

Thanks I'll work on this.  What I just did was checked the box "Replace the permission entries on all child objects with entries shown here that apply to child objects."  

Although this didn't "stick", meaning the box isn't checked, it appears to affected the situation.  When I checked that box a smaller box popped up that seemed as if it were processing something....I had to click twice in that box as it prompted that I had to in order to continue.  It was so fast that I don't know what it said.  But it seems he can open everything he needs to now.

As for "Deny", there's not one "Deny" box checked either on Share or NTFS.  He's a member of the admin group as well.

Could there by any issue with a file being created and placed in this file BEFORE I got all this done in a more appropriate fashion that caused him this issue?

The reason I ask this is that he's not creating these Word Docs, two transcriptionists are doing it.  When I found one that he couldn't open the properties only had "administrator" as having access.  No one else.  On that single file.  Once I added him individually to just that file he couldn't open, he could open it.  

It's like when the file was created, that the person creating it by defualt only allowed access to the admin and no one else.  Still perplexing thought, as he's a member of the admin group.  He's the owner for Pete's sake!

DrU do you have a suggestion for the best way to create the screencast?  I've only needed to do this once and don't remember what I used.

Thanks again for all the help.

=Mac
0
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
If you have it resolved, there is no need for the screencast.... Replacing sub-folder and file inheritance should have resolved your problem.  You were probably being prompted to take ownership of a file so that you could modify its permissions.

Again, I suggest opening a new Related Question to further dive into proper file and folder permissions, inheritance, and scripts which can be implemented to correct actions such as files being placed with incorrectly modified permissions.

I will only be available for the next two hours.  After that, I cannot help today.

DrUltima
0
 

Author Comment

by:macwalker1
Comment Utility
Thanks DrU.  I'll open up elsewhere.  At this point it seems to be resolved.  But he is the king of "If it can happen, it will."
0
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
Just checking in... Are things going well for you now?

DrUltima
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now