Setting Server 2008 file permissions

Posted on 2011-04-20
Last Modified: 2013-12-04
We have a domain running Active Directory.

We have a folder located on an MS Server 2008 machine; let's call it TEST.

This folder is shared with the Advanced Sharing permissions and the security group SEC-TESTGROUP, which contains multiple people. The security group has full control of that share.

There are other folders under the TEST folder, one in particular called SECRET. By default, with inherited permissions, everyone in the SEC-TESTGROUP group has access to this.

I am trying to prevent all but 2 people getting into that folder. I have shut off inherited permissions under the Security tab on that folder, and added only the 2 users I want to have access to that folder. However, everyone in the SEC-TESTGROUP security group can still access that folder just as before.

Can someone explain what I am doing wrong? I'm sure it's something simple and I am just missing it.

Thanks


Question by:TechEagle
LVL 57

Expert Comment

by:Mike Kline
ID: 35432347
When you turned off inheritance, did you copy the permissions? Double check and make sure that the SEC-TESTGROUP is not listed on the ACL of the Secret folder. If it is, then remove the group and make sure only the two people (and admins) have rights.

Thanks

Mike
0
 
LVL 1

Author Comment

by:TechEagle
ID: 35432407
I know I copied the permissions, but I'm very sure I deleted the SEC-TESTGROUP after I copied.

I'm sure I'm looking in the right place. All I see is the following:

SYSTEM
Authorized user 1
Authorized user 2
Domain Admins
Administrators (*local server Machine name*\administrators)
Users (*local server machine name\users)

I don't see that security group listed anywhere under the Properties, Security tab for the SECRET folder.
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 35432423
Are they a member of the local users, administrator, or domain admins?
0
LVL 9

Accepted Solution

by:
x3man earned 500 total points
ID: 35432436
Remove the Users group so that you only have:
SYSTEM
Authorized user 1
Authorized user 2
Domain Admins
Administrators (*local server Machine name*\administrators)
0
 
LVL 9

Expert Comment

by:x3man
ID: 35432447
As Jmoody said, check that SEC-TESTGROUP is not also a member of other groups that have permissions, such as the Domain Admins group etc.
0
 
LVL 1

Author Comment

by:TechEagle
ID: 35432573
Double checked. SEC-TESTGROUP is not a member of Domain Admins.

Removing the Users (*local server machine name\users) setting seems to have fixed the issue.

Can someone explain this one to me? It's a local security group. Why would a domain account be considered a member of that local security group?

Thanks again

0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 35432580
Local Users automatically includes domain users in it (if the machine is not in the domain controllers group). If this was not the case, you would have to manually set up each machine on who can log in, create local user profiles, etc.
0
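
Added example, not part of any post in this thread: a PowerShell check that lists every ACE on the restricted folder and expands the local groups named there, so nested domain groups behind an entry such as Users become visible. The path `D:\TEST\SECRET` is an assumption based on the folder names in the question; the script relies only on `Get-Acl` and the WinNT ADSI provider.

```powershell
# Added example, not from the thread. $Path is an assumed location for the SECRET folder.
param([string]$Path = 'D:\TEST\SECRET')

$acl = Get-Acl -Path $Path

# True means inheritance from the parent (TEST) is switched off on this folder.
"Inheritance blocked: {0}" -f $acl.AreAccessRulesProtected

# Every ACE on the folder, explicit and inherited.
$acl.Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize | Out-String

# Local groups show up as BUILTIN\<name> or <COMPUTERNAME>\<name>.
$localPattern = '^(BUILTIN|{0})\\(.+)$' -f [regex]::Escape($env:COMPUTERNAME)

foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }

    $identity = $ace.IdentityReference.Value
    if ($identity -match $localPattern) {
        $groupName = $Matches[2]
        try {
            # The WinNT provider returns nested domain groups as well as local accounts.
            $group   = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"
            $members = @($group.Invoke('Members')) | ForEach-Object {
                $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
            }
        } catch {
            continue   # the identity is a local user account, not a group
        }

        "{0} ({1}) also grants access to:" -f $identity, $ace.FileSystemRights
        $members | ForEach-Object { "    $_" }
    }
}
```

Running `whoami /groups` in a session of one of the SEC-TESTGROUP users shows whether BUILTIN\Users is present in that user's token.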
