Solved

Users Group Security Permissions

Posted on 2011-03-18
4
313 Views
Last Modified: 2012-05-11
I have a user, we will call them test, that I want to restrict from folder on my domain. I have the Users group setup that they can have access to my shared folder on my network. Everyone is in the Users group the logons to the domain except for test. Now I have checked all the members of Users and groups that are also members in the Users group, and test is not in any of them.

Through testing, I have found out that the Users group is still controlling permissions for test. That is I create a new shared folder that inherited the Users group. Test does not have permission but can still get into the share. If I take out the Users group, test does not have rights anymore. This makes no sense to me...any ideas why this is happening?
0
Comment
Question by:itadminnek
  • 2
4 Comments
 
LVL 29

Expert Comment

by:Randy Downs
ID: 35167969
Just deny test specifically
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 250 total points
ID: 35167971
Best in this case to use Deny permissions. Deny has the highest priority ans will override all other permissions. You can just set the test user group to deny.
0
 
LVL 29

Accepted Solution

by:
Randy Downs earned 250 total points
ID: 35167976
Here's a writeup on deny - http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_24522514.html
"2. permissions issue

For the sluggishness of the server, the hard drive is the most common culprit.  I would schedule a checkdisk to run at the next reboot, and then reboot the server at the soonest reasonable chance you get.  Watch it to see if any errors are corrected, and then see if its faster.

For the permissions issue, you have to be really careful when using the "deny" permission.  the most success I've had it to creat a new group for all the "authorized users--that is, everyone except the limited ones and mimic the permissions of everyone everywhere you see that.  Then create a restricted group, and only give it permissions to what the user(s) should get into. Lastly, when you are certain you've done it right, remove the everyone group from the permissions of the data directories. Make sure you dont mess up your backup system, whatever that may be.
"
0
 

Author Comment

by:itadminnek
ID: 35168036
Thanks guys I will give this a try and let you know.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now