Shared Folders Security Permissions - SBS 2011

Scenario….the following was set up when a new server was installed

D:\Shared Data\FolderA  and D:\Shared Data\FolderB

Group C does not have permission for the upper level folder Shared Data

Permissions for Group C on both folders A & B are identical – I’ve checked, checked and rechecked.

Read & Execute
List Folder
Read
Write
With Special Permissions of Delete Denied

FolderA – Group C can do the following
Save a new file to the folder
Save an edited version of a file opened from the folder
Create a new folder
Save a new file to a newly created folder

FolderB – Group C can do the following
Save only an empty (0 byte) new file to the folder (the system saves an empty file, then comes back and says the file exists already.  When you say ok to replace it then system say it cannot save because the folder is read only).
Save an edited version of a file opened from the folder
Create a new folder
Save a new file to a newly created folder

Why can’t Group C save/write a new file to the existing FolderB?
LCW1400Asked:
Who is Participating?
 
LCW1400Connect With a Mentor Author Commented:
Here is a follow up.  With the help of our outside tech support, we narrowed it down to the ability to save excel files in any shared folder with restricted permissions.  Because we had denied the Group C the ability to delete, the excel file couldn’t be saved.   This apparently was an issue with both folders but wasn’t noticed right away as the person was saving a pdf file in Folder A and an excel file in Folder B.

Here is the link to the Microsoft KB file that describes the issue -- look about midway down the page:   http://support.microsoft.com/kb/271513/en-us

Thanks for the help!
0
 
Rob WilliamsCommented:
A few thoughts:
I assume the share permissions are set to allow Everyone full control?

Is there a check mark or gray infill in the "Special Permissions" box of the NTFS permissions?  

It is possible to have the permissions applied to the parent folder but not the contents or child folders.

If you run from a command line, for each folder, is the output the same?  i.e. the permissions are the same?
cacls D:\Shared Data\FolderA
0
 
LCW1400Author Commented:
The share permissions are set to allow everyone full control.
There are check marks for both folders for the special permissions box.

I'll look again at the contents/child folders permissions and check the permissions from the command line.  Unfortunately, I have to wait until Wed 9/5 to get access to the server.  I'll post results then.

Thank you for your suggestions.
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

 
Rob WilliamsConnect With a Mentor Commented:
If "special permissions" are enabled it is possible that the permissions are applied to the folder only and not the contents.
That is to say; under advanced permissions; most often permissions are are applied to "this folder, subfolders, and files", but the option exists to apply only to "this folder only"

Try going into advanced permissions of a sub folder, click on the effective permissions tab, select a problematic user and see what is shows for their existing permissions.  That might shed some light on it.

Let us know how you make out next week.
0
 
Rob WilliamsCommented:
Thanks for reporting your findings.  Glad to hear you were able to resolve.
--Rob
0
 
LCW1400Author Commented:
Thank you Rob Will for making suggestions that allowed us to keep troubleshooting and narrow the issue down.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.