Destination Folder Access Denied

iain_stephen
iain_stephen used Ask the Experts™
on
Single 2008 Server Std - Active Directory - simple set up.  10 users in the local domain in AD.

Created a shared folder called 'Data' at the root of the storage volume.

Share Permissions - Everyone Full Control.  NTFS Permissions - Everyone Full Control.

Created another folder called 'Human Resources' in the 'Data' Directory - it inherited permissions from above.  Set 2 users to Full control in security (Administrator and HR person) - everyone else to denied.  

Administrator account is fine - can edit, save files - HR person cannot - gets Destination Folder Access Denied when trying to save or change files.  If I make HR person administrator he is able to make changes but this problem applies to all folders - all users - and I can't make everyone an administrator..

I tried it with groups in AD as well - same issue.  I am at a loss...  Please help.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
The result you get is expected as Deny ACEs take priority over Grant ACEs.

You should remove inheritance for HR folder and built their ACL from scratch leaving access to HR and admins only.

As a best practice I'd recommend using custom AD groups for managing folders' ACLs. For example, you could have 2 ACEs for your folder: FS_HR_FULL for full access and FS_HR_READ for read-only access. Once set up later you manage only AD group membership and never touch the actual ACLs anymore.
iain_stephenIT Manager

Author

Commented:
Ok - I'll be honest - I have done all of that already - I was trying to take the folder back to the basics - Originally I had built groups and assigned them - but they don't work either - so I went back to specific users.

I also built the folder structure and permissions from scratch - same issue unless I make them administrators they can't write to the folders.

Commented:
What does the Effective Permission tab show for your HR user?
Become a Microsoft Certified Solutions Expert

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

iain_stephenIT Manager

Author

Commented:
Checkmarks in every box when I pull up the user - same as the administraor.
iain_stephenIT Manager

Author

Commented:
The server was built by someone else - they put all staff in administrators group - I didn't understand why they did that until I saw this issue - now I'm thinking they ran into some kind of bug and cheated it by giving everyone admin rights.

Commented:
Does this happen if a user accesses files locally (not over share/network)?
iain_stephenIT Manager

Author

Commented:
You mean if they log on to the console itself?  I have RDP'd in as several of them to the server and just browsed directly to the folders - right click - create new text document - get the same error.
IT Consultant
Commented:
How large is this share? What happens if you create a new Share on that server (from scratch - not in the same location as other share) and apply the permissions you want on there? Does it work or do you run into the same issue?
iain_stephenIT Manager

Author

Commented:
I rebuilt the entire structure - seems it was acting up because of the former use of administrator level permissions that have since been removed.  It is working now as I would have expected.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial