• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 406
  • Last Modified:

Setting Server 2008 file permissions

We have a domain running active directory

We have a folder located on a MS server 2008 machine lets call it TEST

This folder is shared with the Advanced Sharing permissions and the security group
SEC-TESTGROUP that contains multiuple people are in this group. The Security group has full control of that share

There are other folders under the TEST folder. One in particular called SECRET. By default with inherited permission everyone in the SEC-TESTGROUP group has access to this

I am trying to prevent all but 2 people getting into that folder. I have shut off inherited permssions under the security tab on that folder, and added only the 2 users I want to have access to that folder. However everyone in the SEC-TESTGROUP security group can still access that folder just as before.

Can someone explain what I am doing wrong? I'm sure its something simple and I am just missing it.

Thanks


0
TechEagle
Asked:
TechEagle
  • 2
  • 2
  • 2
  • +1
1 Solution
 
Mike KlineCommented:
When you turned off inheritance did you copy the permissions.  Double check and make sure that the SEC-TESTGROUP is not listed on the ACL of the Secret folder.  If it is then remove the group and make sure only the two people (and admins) have rights.

Thanks

Mike
0
 
TechEagleAuthor Commented:
I know I copied the permissions, but I'm very sure I deleted the SEC-TESTGROUP after I copied

I'm sure Im looking the the right place. All I see is the following

SYSTEM
Authorized user 1
Authorized user 2
Domain Admins
Administrators (*local server Machine name*\administrators)
Users (*local server machine name\users)

I don't see  that security group listed anywhere under the properties,security tab for the SECRET folder.
0
 
Joseph MoodyBlogger and wearer of all hats.Commented:
Are they a member of the local users, administrator, or doamin admins?
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
x3manCommented:
Remove the Users group so that you only have:
SYSTEM
Authorized user 1
Authorized user 2
Domain Admins
Administrators (*local server Machine name*\administrators)
0
 
x3manCommented:
As Jmoody said, check that SEC-TESTGROUP is not also a member of other groups that have permissions, such as the Domain Admins group etc.
0
 
TechEagleAuthor Commented:
Double checked. SEC-TESTGROUP is not a member of Domain Admins.

Removing the Users (*local server machine name\users) setting seems to have fixed the issue

Can someone explain this one to me? Its a local security group. Why would a domain account be  considered a memeber of that local security group?

Thanks again

0
 
Joseph MoodyBlogger and wearer of all hats.Commented:
Local Users automatically includes domain users in it (if the machine is not in the domain controllers group). If this was not the case, you would have to manually set up each machine on who can log in, create local user profiles, etc.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

On-Demand: Securing Your Wi-Fi for Summer Travel

Traveling this summer?Check out our on-demand webinar to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now