Solved

Users Group Security Permissions

Posted on 2011-03-18
4
314 Views
Last Modified: 2012-05-11
I have a user, we will call them test, that I want to restrict from folder on my domain. I have the Users group setup that they can have access to my shared folder on my network. Everyone is in the Users group the logons to the domain except for test. Now I have checked all the members of Users and groups that are also members in the Users group, and test is not in any of them.

Through testing, I have found out that the Users group is still controlling permissions for test. That is I create a new shared folder that inherited the Users group. Test does not have permission but can still get into the share. If I take out the Users group, test does not have rights anymore. This makes no sense to me...any ideas why this is happening?
0
Comment
Question by:itadminnek
  • 2
4 Comments
 
LVL 29

Expert Comment

by:Randy Downs
ID: 35167969
Just deny test specifically
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 250 total points
ID: 35167971
Best in this case to use Deny permissions. Deny has the highest priority ans will override all other permissions. You can just set the test user group to deny.
0
 
LVL 29

Accepted Solution

by:
Randy Downs earned 250 total points
ID: 35167976
Here's a writeup on deny - http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_24522514.html
"2. permissions issue

For the sluggishness of the server, the hard drive is the most common culprit.  I would schedule a checkdisk to run at the next reboot, and then reboot the server at the soonest reasonable chance you get.  Watch it to see if any errors are corrected, and then see if its faster.

For the permissions issue, you have to be really careful when using the "deny" permission.  the most success I've had it to creat a new group for all the "authorized users--that is, everyone except the limited ones and mimic the permissions of everyone everywhere you see that.  Then create a restricted group, and only give it permissions to what the user(s) should get into. Lastly, when you are certain you've done it right, remove the everyone group from the permissions of the data directories. Make sure you dont mess up your backup system, whatever that may be.
"
0
 

Author Comment

by:itadminnek
ID: 35168036
Thanks guys I will give this a try and let you know.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question