AutomationOne
asked on
File Rights and Effective Permissions
For some reason my domain user account is able to browse to shared folders and files that I do not have share or file rights to. When I check effective permissions for the user in question it reports back no rights yet I am able to manage any files or folders without restriction. The user in question is not the owner of any of the folders and is not a member of the domain admin group. When I check other users with same security group assignment they are restricted from folders accordingly.
The permissions used to work. Recently I configured folder redirection so I did have to perform some permission configurations but this was with a domain admin account directly on the fileserver. Not sure if it is related since other users in the same security groups are not experiencing the problem.
What am I missing? Thanks in advance.
The permissions used to work. Recently I configured folder redirection so I did have to perform some permission configurations but this was with a domain admin account directly on the fileserver. Not sure if it is related since other users in the same security groups are not experiencing the problem.
What am I missing? Thanks in advance.
aren't you in a group that has access to these files/folders?
You need to check all groups assigned to share/folder. NTFS permissions are cumulative, so if one group has read&execute rights and another has modify then if user is a member of both groups, he/she has modify rights. So, my suggestion is to check user group membership and check if other groups are not assigned to folder(s)
Regards,
Krzysztof
Regards,
Krzysztof
ASKER
Thank you. I should have included more information.
The user is not a member of a group that would allow any permissions to these folders. To confirm I removed the user from all group membership other than domain users. I logged the user account out and back in and was still able to access the folders the user should have been restricted from.
The user is not a member of a group that would allow any permissions to these folders. To confirm I removed the user from all group membership other than domain users. I logged the user account out and back in and was still able to access the folders the user should have been restricted from.
Make sure if there is no "Everyone" group assigned with inappropriate credentials. Everyone, should be used only on share with Full Control in this case or even better (for security) instead of everyone, put Authenticated Users there
Krzysztof
Krzysztof
ASKER
Effective Permissions should report accurately accounting for group assignment.
This is very weird.
SSID issue?
Recreate user?
This is very weird.
SSID issue?
Recreate user?
Did you configure the share and NTFS permissions? Are you accessing the file through UNC path of locally on server?
ASKER
Yes I configured the share and NTFS permissions.
No I am accessing the folders using UNC from a client workstation logged on as the user.
No I am accessing the folders using UNC from a client workstation logged on as the user.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
DUH...