Avatar of Nisroc66
Nisroc66
 asked on

Domain Local Group on one AD domain

Another question from my teacher:

In my workplace a new project is started and there is created a share for that project called 'project_1' a domain local group is created in AD named 'project1' and the people working on the project is added to this group. The network consists of on AD Domain.

The NTFS-rights to the share 'project_1' is as follows:

Allow Modify
Allow Read and Execute
Allow List Folder Contents
Allow Read
Allow Write

Some members of the domain local group 'project1' are having problems saving work to the folder 'project_1' but can read and open files. What is the most likely problem?

My first thoughts wast that the users in question are in a different domain or forest but it says that there is only on AD Domain, and would they even see the share if they were located in a different forest or sub domain? I think I'm missing some thing obvious
Microsoft Legacy OSWindows Server 2008Active Directory

Avatar of undefined
Last Comment
Nisroc66

8/22/2022 - Mon
motnahp00

The Sharing permission for the security group is configured to Read only.

Sharing and NTFS permissions are cumulative with the most restrictive combo winning.
mwheeler1982

If the AD group is newly created, it's possible that the users have not logged out/logged in and their new membership has not taken effect.

Can you go into the share and view the effective permissions for a user that's having problems to verify that they do indeed have access?
Venugopal N

Check if any other security group have deny write permission for the folder.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Nisroc66

ASKER
all good suggestions, but I have a sneaky suspicion that it has something to do with 'domain local group' since it's specifically mentioned in the question. but I'm not sure
motnahp00

Since you stated that the environment only consists of 1 domain, it wouldn't matter if you created the group as DL, Global, or Universal.
Nisroc66

ASKER
but if the shearing permissions are set to read only, why can some of the users in the group still write to the folder?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
motnahp00

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Nisroc66

ASKER
Thank you very much :)