Solved

Sharing folders using user groups in Windows 2008 server.

Posted on 2011-09-05
9
300 Views
Last Modified: 2012-05-12
Hi,

I am trying to share folders using user groups in the AD on Windows 2008 server. On Windows 2003 server, one would normaly follow the following procedure:

1) Create your user group and assign users to this group in the Windows AD
2) Create the folder, and share it to "domain Users" with full permisions.
3) Go to the NTFS permisions of this folder, and assign it to the group that you have created in the AD, and give it the appropriate permissions.

Bob's your uncle, it then works. But following the above on a Windows 2008 server has diffrent results, for example:

1) I create my User Group in AD, and assign my users to it
2) I create a folder and share it to the domain users
3) I then go to the NTFS permisions of this folder, and assign it to the group that you have created in the AD, and give it the appropriate permissions
                                                  Problem is:
Regardless to the user groups I assign in the NTFS security, everyone still has access to the folder. Nothing I do in the NTFS security on Windows 2008 server, when I add users or remove users from the group I added to the folder changes. The only thing I can do to change "something" is on the share, when I reduce the access level on the domain user from "Co-Ownder" to contributer, or lower. A typlical share that I create on Windows server 2008 lookd like this:

Share permisions:
Administrator (owner)
Domain Users (Co-Owner)

NTFS Permisions (Management)   <-- a group I created in the AD, there are 2 users that belong to this group

Regardles of the above config, everyone still has access to this folder. In Windows 2003, this normaly works great without fail.

Please tell me what I am missing....

Thank-you!
0
Comment
Question by:wimpie_asg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36485291
There is nothing else listed in the NTFS permissions other than than the one group?  Could you post a screen shot if possible.  

Thanks

Mike
0
 

Expert Comment

by:Mabr0
ID: 36485358
Hi wimpie_asg,

I would like to see please the snap shot for  Managment Group in  2003 and 2008 at least to see the configuration of that Group.
0
 
LVL 3

Author Comment

by:wimpie_asg
ID: 36485374
Apolegies for the amature picture(s), I hope you can make out what it is all about.

You might have to download the picture if it is to small on the web browser, it would be big in Paint.
Sharing-Permissions.jpg
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Author Comment

by:wimpie_asg
ID: 36485428
My apolegies - on this screen shot I marked the User group - I did not indicate the User Group in the previous image capture.
Sharing-Permissions.jpg
0
 
LVL 3

Author Comment

by:wimpie_asg
ID: 36486728
Anyone please - this is anoying issue to have since it works great on Windows 2003, but not Windows 2008.
0
 

Expert Comment

by:TecnicalAdmin
ID: 36488266
If your problem is that all users mustn't read the content of the shared folder, i suggest you to use the advanced sharing instead of simple sharing.
With advanced sharing
Otherwise if you problem is that all users con read the content but mustn't modify it, i suggest you to remove domain users from the NTFS Permission or change the permission from Modify to Read Only.

:)
0
 
LVL 3

Author Comment

by:wimpie_asg
ID: 36488918
Hi,

Thank-you.

The problem I have is, I created a group in AD, and added two users to it. I then add this group in the NTFS file permisions, and give it the appropriate access level. Even though I add domain users to the directory share, and add this group, everyone still has access to it. I want only the group with the two users to have access to it. This works 100% in Windows server 2003, but I cant do it the same in Windows 2008 server.

I only want the user group I added to the NTFS share to have access, no one else.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 36488950
in your screenshot it looks like Users have "read and execute" rights to the R and J folder.


Thanks


Mike
0
 

Expert Comment

by:Mabr0
ID: 36498560
Hi,

Yes, I think you have to remove Inheritable permission from the object.

Thnks
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question