File Rights and Effective Permissions

For some reason my domain user account is able to browse to shared folders and files that I do not have share or file rights to. When I check effective permissions for the user in question it reports back no rights yet I am able to manage any files or folders without restriction. The user in question is not the owner of any of the folders and is not a member of the domain admin group. When I check other users with same security group assignment they are restricted from folders accordingly.

The permissions used to work. Recently I configured folder redirection so I did have to perform some permission configurations but this was with a domain admin account directly on the fileserver. Not sure if it is related since other users in the same security groups are not experiencing the problem.
 
What am I missing? Thanks in advance.
AutomationOneAsked:
Who is Participating?
 
AutomationOneAuthor Commented:
Windows 7

Control Panel > User Accounts > Manage Your Credentials

Under Windows Credentials there was an entry for the fileserver. At some point in time the Domain Admin credentials were entered to access the fileserver.
0
 
Ehab SalemIT ManagerCommented:
aren't you in a group that has access to these files/folders?
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
You need to check all groups assigned to share/folder. NTFS permissions are cumulative, so if one group has read&execute rights and another has modify then if user is a member of both groups, he/she has modify rights. So, my suggestion is to check user group membership and check if other groups are not assigned to folder(s)

Regards,
Krzysztof
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
AutomationOneAuthor Commented:
Thank you. I should have included more information.

The user is not a member of a group that would allow any permissions to these folders. To confirm I removed the user from all group membership other than domain users. I logged the user account out and back in and was still able to access the folders the user should have been restricted from.
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Make sure if there is no "Everyone" group assigned with inappropriate credentials. Everyone, should be used only on share with Full Control in this case or even better (for security) instead of everyone, put Authenticated Users there

Krzysztof
0
 
AutomationOneAuthor Commented:
Effective Permissions should report accurately accounting for group assignment.

This is very weird.

SSID issue?
Recreate user?
0
 
Darius GhassemCommented:
Did you configure the share and NTFS permissions? Are you accessing the file through UNC path of locally on server?
0
 
AutomationOneAuthor Commented:
Yes I configured the share and NTFS permissions.

No I am accessing the folders using UNC from a client workstation logged on as the user.

0
 
AutomationOneAuthor Commented:
DUH...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.