• Status: Solved

File Rights and Effective Permissions

For some reason my domain user account is able to browse to shared folders and files that I do not have share or file rights to. When I check effective permissions for the user in question, it reports back no rights, yet I am able to manage any files or folders without restriction. The user in question is not the owner of any of the folders and is not a member of the domain admin group. When I check other users with the same security group assignment, they are restricted from folders accordingly.

The permissions used to work. Recently I configured folder redirection so I did have to perform some permission configurations but this was with a domain admin account directly on the fileserver. Not sure if it is related since other users in the same security groups are not experiencing the problem.
 
What am I missing? Thanks in advance.
Asked by: AutomationOne

Ehab Salem commented:
Aren't you in a group that has access to these files/folders?

Krzysztof Pytko (Active Directory Engineer) commented:
You need to check all groups assigned to the share/folder. NTFS permissions are cumulative, so if one group has Read & Execute rights and another has Modify, then if the user is a member of both groups, he/she has Modify rights. So my suggestion is to check the user's group membership and check whether other groups are assigned to the folder(s).

Regards,
Krzysztof

AutomationOne (author) commented:
Thank you. I should have included more information.

The user is not a member of a group that would allow any permissions to these folders. To confirm I removed the user from all group membership other than domain users. I logged the user account out and back in and was still able to access the folders the user should have been restricted from.
Krzysztof Pytko (Active Directory Engineer) commented:
Make sure there is no "Everyone" group assigned with inappropriate credentials. Everyone should be used only on the share with Full Control in this case or, even better (for security), instead of Everyone, put Authenticated Users there.

Krzysztof

AutomationOne (author) commented:
Effective Permissions should report accurately accounting for group assignment.

This is very weird.

SSID issue?
Recreate user?

Darius Ghassem commented:
Did you configure the share and NTFS permissions? Are you accessing the file through a UNC path or locally on the server?

AutomationOne (author) commented:
Yes, I configured the share and NTFS permissions.

No, I am accessing the folders using UNC from a client workstation logged on as the user.

AutomationOne (author) commented:
Windows 7

Control Panel > User Accounts > Manage Your Credentials

Under Windows Credentials there was an entry for the fileserver. At some point in time the Domain Admin credentials were entered to access the fileserver.

AutomationOne (author) commented:
DUH...
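
The cause found in the thread was a saved Credential Manager entry for the file server holding Domain Admin credentials, which is why Effective Permissions for the logged-on user did not match the access actually granted. As an added example (not part of the original thread), this Windows PowerShell script, run on the client as the affected user, lists saved entries for a server with `cmdkey /list` and shows which account each one presents. `FILESERVER01`, `EXAMPLE\Administrator` and the helper name `ConvertFrom-CmdKeyList` are assumptions for illustration, and English-language `cmdkey` output is assumed.

```powershell
# Added example, not from the thread. Run on the client as the affected user.
# Assumptions: English cmdkey output; FILESERVER01 is a placeholder server name.
$Server = 'FILESERVER01'
$Remove = $false          # set to $true to delete the matching saved entries

function ConvertFrom-CmdKeyList {
    # Turn the "Target: / Type: / User:" text blocks printed by cmdkey into objects.
    param([string[]]$Lines)
    $entry = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*Target:\s*(.+)$') {
            if ($entry) { $entry }          # emit the previous entry
            $entry = New-Object psobject -Property @{
                Target = $Matches[1].Trim(); Type = ''; User = '' }
        } elseif ($entry -and $line -match '^\s*(Type|User):\s*(.*)$') {
            $entry.($Matches[1]) = $Matches[2].Trim()
        }
    }
    if ($entry) { $entry }                  # emit the last entry
}

# Constructed sample of cmdkey output, used only when cmdkey.exe is not available.
$sample = @(
    'Currently stored credentials:', '',
    '    Target: Domain:target=FILESERVER01',
    '    Type: Domain Password',
    '    User: EXAMPLE\Administrator')

$live = [bool](Get-Command cmdkey.exe -ErrorAction SilentlyContinue)
$raw  = if ($live) { cmdkey /list } else { $sample }
$me   = "$env:USERDOMAIN\$env:USERNAME"

foreach ($cred in @(ConvertFrom-CmdKeyList $raw)) {
    if ($cred.Target -notlike "*$Server*") { continue }
    # A saved entry for the server is presented instead of the logon identity.
    'Stored: {0}  account={1}  logged-on user={2}' -f $cred.Target, $cred.User, $me
    if ($Remove -and $live) {
        cmdkey "/delete:$($cred.Target -replace '^.*target=', '')"
    }
}

# Connections that are already open keep their identity until they are dropped,
# so also list the account WMI reports for each connection to the server.
Get-WmiObject Win32_NetworkConnection -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteName -like "\\$Server\*" } |
    Select-Object RemoteName, UserName, ConnectionState
```

After removing an entry, log the user off and on again before retesting access over the UNC path, so that no connection made with the old credentials is reused.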