Domain Local Group on one AD domain

Nisroc66 used Ask the Experts™
Another question from my teacher:

In my workplace a new project is started and there is created a share for that project called 'project_1' a domain local group is created in AD named 'project1' and the people working on the project is added to this group. The network consists of on AD Domain.

The NTFS-rights to the share 'project_1' is as follows:

Allow Modify
Allow Read and Execute
Allow List Folder Contents
Allow Read
Allow Write

Some members of the domain local group 'project1' are having problems saving work to the folder 'project_1' but can read and open files. What is the most likely problem?

My first thoughts wast that the users in question are in a different domain or forest but it says that there is only on AD Domain, and would they even see the share if they were located in a different forest or sub domain? I think I'm missing some thing obvious
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
The Sharing permission for the security group is configured to Read only.

Sharing and NTFS permissions are cumulative with the most restrictive combo winning.
If the AD group is newly created, it's possible that the users have not logged out/logged in and their new membership has not taken effect.

Can you go into the share and view the effective permissions for a user that's having problems to verify that they do indeed have access?
Check if any other security group have deny write permission for the folder.
How to Generate Services Revenue the Easiest Way

This Tuesday! Learn key insights about modern cyber protection services & gain practical strategies to skyrocket business:

- What it takes to build a cloud service portfolio
- How to determine which services will help your unique business grow
- Various use-cases and examples


all good suggestions, but I have a sneaky suspicion that it has something to do with 'domain local group' since it's specifically mentioned in the question. but I'm not sure
Since you stated that the environment only consists of 1 domain, it wouldn't matter if you created the group as DL, Global, or Universal.


but if the shearing permissions are set to read only, why can some of the users in the group still write to the folder?
If the user is accessing the resource based on read sharing permissions even though he/she has Full Control with NTFS, he/she is still limited to read only.


Thank you very much :)

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial