iain_stephen
asked on
Destination Folder Access Denied
Single 2008 Server Std - Active Directory - simple set up. 10 users in the local domain in AD.
Created a shared folder called 'Data' at the root of the storage volume.
Share Permissions - Everyone Full Control. NTFS Permissions - Everyone Full Control.
Created another folder called 'Human Resources' in the 'Data' Directory - it inherited permissions from above. Set 2 users to Full control in security (Administrator and HR person) - everyone else to denied.
Administrator account is fine - can edit, save files - HR person cannot - gets Destination Folder Access Denied when trying to save or change files. If I make HR person administrator he is able to make changes but this problem applies to all folders - all users - and I can't make everyone an administrator..
I tried it with groups in AD as well - same issue. I am at a loss... Please help.
Created a shared folder called 'Data' at the root of the storage volume.
Share Permissions - Everyone Full Control. NTFS Permissions - Everyone Full Control.
Created another folder called 'Human Resources' in the 'Data' Directory - it inherited permissions from above. Set 2 users to Full control in security (Administrator and HR person) - everyone else to denied.
Administrator account is fine - can edit, save files - HR person cannot - gets Destination Folder Access Denied when trying to save or change files. If I make HR person administrator he is able to make changes but this problem applies to all folders - all users - and I can't make everyone an administrator..
I tried it with groups in AD as well - same issue. I am at a loss... Please help.
ASKER
Ok - I'll be honest - I have done all of that already - I was trying to take the folder back to the basics - Originally I had built groups and assigned them - but they don't work either - so I went back to specific users.
I also built the folder structure and permissions from scratch - same issue unless I make them administrators they can't write to the folders.
I also built the folder structure and permissions from scratch - same issue unless I make them administrators they can't write to the folders.
What does the Effective Permission tab show for your HR user?
ASKER
Checkmarks in every box when I pull up the user - same as the administraor.
ASKER
The server was built by someone else - they put all staff in administrators group - I didn't understand why they did that until I saw this issue - now I'm thinking they ran into some kind of bug and cheated it by giving everyone admin rights.
Does this happen if a user accesses files locally (not over share/network)?
ASKER
You mean if they log on to the console itself? I have RDP'd in as several of them to the server and just browsed directly to the folders - right click - create new text document - get the same error.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I rebuilt the entire structure - seems it was acting up because of the former use of administrator level permissions that have since been removed. It is working now as I would have expected.
You should remove inheritance for HR folder and built their ACL from scratch leaving access to HR and admins only.
As a best practice I'd recommend using custom AD groups for managing folders' ACLs. For example, you could have 2 ACEs for your folder: FS_HR_FULL for full access and FS_HR_READ for read-only access. Once set up later you manage only AD group membership and never touch the actual ACLs anymore.