Make Your Microsoft Dynamics Investment Count & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Apply changes to Active Dirctory
Posted on 2012-12-21
I have a Windows 2008 r2 server. We also have 2 terminal servers. I did changes to file permissions and had the user log off the network and then log back in.
He tells me if he access's the folder in question from his local desktop, he still cant access the folder. BUT if he logs on the the terminal server, he CAN access the folder.
What did I do wrong OR how do I force it to apply so he can also access the network folder from his local desktop.
He tells me if he access's the folder in question from his local desktop, he still cant access the folder. BUT if he logs on the the terminal server, he CAN access the folder.
What did I do wrong OR how do I force it to apply so he can also access the network folder from his local desktop.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
5
3
- +2
11 Comments
Forgot to mention. To give this user the permissions he needs, I added him to a group in Active Directory Users and Computers
use the effective permissions option to determine actual permissions - see http://technet.microsoft.com/en-us/library/cc756795(v=ws.10).aspx
also check both the SHARE and NTFS permissions
also check both the SHARE and NTFS permissions
Active 1 day ago
I think you have modified shared folder share permission to user. that is the reason he cannot access it from network.
when he access specified folder from TS session,I think he does it by opening local drives of server. so he does not need share permission for that.
if you have modify NTFS permission incorrectly, TS session also cannot access folder
so you need to modify shared folder share permission i think
when he access specified folder from TS session,I think he does it by opening local drives of server. so he does not need share permission for that.
if you have modify NTFS permission incorrectly, TS session also cannot access folder
so you need to modify shared folder share permission i think
He needs to be an ASD user and be joing to the domain for starters. After that is completed, verify his permisions are correct. Check his explidid permissions on that folder and verify he has read/write access.
On my Network-data drive the Share permissions show Everyone with full control. Then the NTFS permissions shows:
Domain Admins with full Control
Users (for our domain) with read, list and read & execute.
Then I go to the folder in question and the Group he is in has Modify, Read & Execute, List and Read
When I look at the effective permissions on that folder, that group has the correct permissions.
So I don't understand why he can't access the information from his local desktop but can from his TS desktop.
He is a user in Active Directory and is joined to our domain correctly and when I look at that folder and permissions...That group has correct permissions.
Also, as a side note: I thought in reading about permissions, that Share permissions and NTFS are independent of each other. And one approach suggested is to set share permissions to full control on everyone (which I did) and rely on NTFS permissions to restict access.
Domain Admins with full Control
Users (for our domain) with read, list and read & execute.
Then I go to the folder in question and the Group he is in has Modify, Read & Execute, List and Read
When I look at the effective permissions on that folder, that group has the correct permissions.
So I don't understand why he can't access the information from his local desktop but can from his TS desktop.
He is a user in Active Directory and is joined to our domain correctly and when I look at that folder and permissions...That group has correct permissions.
Also, as a side note: I thought in reading about permissions, that Share permissions and NTFS are independent of each other. And one approach suggested is to set share permissions to full control on everyone (which I did) and rely on NTFS permissions to restict access.
Active today
Hi.
You have to make clear if that resource is on a share of the TS or on another server. If on another server, the only possible explanation would be: the access token is assigned by a domain controller and the TS does not choose the same DC as the workstation does. So maybe the change in group membership has not replicated to that DC the workstation chooses. That would make it a replication problem.
See if the command
echo %logonserver%
produces the same result or not.
You have to make clear if that resource is on a share of the TS or on another server. If on another server, the only possible explanation would be: the access token is assigned by a domain controller and the TS does not choose the same DC as the workstation does. So maybe the change in group membership has not replicated to that DC the workstation chooses. That would make it a replication problem.
See if the command
echo %logonserver%
produces the same result or not.
Active today
Hi and merry xmas!
You still did not make clear if that resource is on a share of the TS or on another Server. Please do so.
You still did not make clear if that resource is on a share of the TS or on another Server. Please do so.
Sorry...... Got side tracked. I did the command above and as it should be, the resource is our primary domain controller. Confirmed it both locally and thru TS login. So, the share is on another server
Thinking on this. This is first time that I have set file permissions on a network. So I am trying to be very cautious.
Could this be my problem??
Let say John is a loan officer and needs modify/read/read execute on folder called LOAN
John is a member of the users group that has read and read/execute and is also a member of VP group that has modify, read and read/execute
Since he is a member of both groups will the settings for Users override settings for VP?
since they are more restrictive
Could this be my problem??
Let say John is a loan officer and needs modify/read/read execute on folder called LOAN
John is a member of the users group that has read and read/execute and is also a member of VP group that has modify, read and read/execute
Since he is a member of both groups will the settings for Users override settings for VP?
since they are more restrictive
Featured Post
Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory.
If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012.
Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month4 days, 3 hours left to enroll
Earn Certification
MCSA Configuring Windows 7 Exam 70-680
$49.00$44.10
630 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.