[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Shared Folders Security Permissions - SBS 2011

Posted on 2012-08-30
Medium Priority
Last Modified: 2012-09-10
Scenario….the following was set up when a new server was installed

D:\Shared Data\FolderA  and D:\Shared Data\FolderB

Group C does not have permission for the upper level folder Shared Data

Permissions for Group C on both folders A & B are identical – I’ve checked, checked and rechecked.

Read & Execute
List Folder
With Special Permissions of Delete Denied

FolderA – Group C can do the following
Save a new file to the folder
Save an edited version of a file opened from the folder
Create a new folder
Save a new file to a newly created folder

FolderB – Group C can do the following
Save only an empty (0 byte) new file to the folder (the system saves an empty file, then comes back and says the file exists already.  When you say ok to replace it then system say it cannot save because the folder is read only).
Save an edited version of a file opened from the folder
Create a new folder
Save a new file to a newly created folder

Why can’t Group C save/write a new file to the existing FolderB?
Question by:LCW1400
  • 3
  • 3
LVL 78

Expert Comment

by:Rob Williams
ID: 38352687
A few thoughts:
I assume the share permissions are set to allow Everyone full control?

Is there a check mark or gray infill in the "Special Permissions" box of the NTFS permissions?  

It is possible to have the permissions applied to the parent folder but not the contents or child folders.

If you run from a command line, for each folder, is the output the same?  i.e. the permissions are the same?
cacls D:\Shared Data\FolderA

Author Comment

ID: 38354377
The share permissions are set to allow everyone full control.
There are check marks for both folders for the special permissions box.

I'll look again at the contents/child folders permissions and check the permissions from the command line.  Unfortunately, I have to wait until Wed 9/5 to get access to the server.  I'll post results then.

Thank you for your suggestions.
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 900 total points
ID: 38354431
If "special permissions" are enabled it is possible that the permissions are applied to the folder only and not the contents.
That is to say; under advanced permissions; most often permissions are are applied to "this folder, subfolders, and files", but the option exists to apply only to "this folder only"

Try going into advanced permissions of a sub folder, click on the effective permissions tab, select a problematic user and see what is shows for their existing permissions.  That might shed some light on it.

Let us know how you make out next week.
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.


Accepted Solution

LCW1400 earned 0 total points
ID: 38368843
Here is a follow up.  With the help of our outside tech support, we narrowed it down to the ability to save excel files in any shared folder with restricted permissions.  Because we had denied the Group C the ability to delete, the excel file couldn’t be saved.   This apparently was an issue with both folders but wasn’t noticed right away as the person was saving a pdf file in Folder A and an excel file in Folder B.

Here is the link to the Microsoft KB file that describes the issue -- look about midway down the page:   http://support.microsoft.com/kb/271513/en-us

Thanks for the help!
LVL 78

Expert Comment

by:Rob Williams
ID: 38368864
Thanks for reporting your findings.  Glad to hear you were able to resolve.

Author Closing Comment

ID: 38382340
Thank you Rob Will for making suggestions that allowed us to keep troubleshooting and narrow the issue down.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Written by Glen Knight (demazter) as part of a series of how-to articles. Introduction One of the biggest consumers of disk space with Small Business Server 2008(SBS) is Windows Server Update Services, more affectionately known as WSUS. For t…
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses
Course of the Month19 days, 20 hours left to enroll

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question