Avatar of bankwest
bankwest
Flag for United States of America asked on

Apply changes to Active Dirctory

I have a Windows 2008 r2 server.  We also have 2 terminal servers.  I did changes to file permissions and had the user log off the network and then log back in.  

He tells me if he access's the folder in question from his local desktop, he still cant access the folder.  BUT if he logs on the the terminal server, he CAN access the folder.

What did I do wrong OR how do I force it to apply so he can also access the network folder from his local desktop.
Active DirectoryWindows Server 2008

Avatar of undefined
Last Comment
McKnife

8/22/2022 - Mon
bankwest

ASKER
Forgot to mention.   To give this user the permissions he needs, I added him to a group in Active Directory Users and Computers
SOLUTION
Brian Pierce

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Imal Upalakshitha

I think you have modified shared folder share permission to user. that is the reason he cannot access it from network.
when he access specified folder from TS session,I think he does it by opening local drives of server. so he does not need share permission for that.
if you have modify  NTFS permission incorrectly, TS session also cannot access folder
so you need to modify shared folder share permission i think
Tony Giangreco

He needs to be an ASD user and be joing to the domain for starters. After that is completed, verify his permisions are correct. Check his explidid permissions on that folder and verify he has read/write access.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
bankwest

ASKER
On my Network-data drive the Share permissions show Everyone with full control.   Then the NTFS permissions shows:
Domain Admins with full Control
Users (for our domain) with read, list and read & execute.

Then I go to the folder in question and the Group he is in has Modify, Read & Execute, List and Read

When I look at the effective permissions on that folder, that group has the correct permissions.

So I don't understand why he can't access the information from his local desktop but can from his TS desktop.

He is a user in Active Directory and is joined to our domain correctly and when I look at that folder and permissions...That group has correct permissions.  

Also, as a side note:   I thought in reading about permissions, that Share permissions and NTFS are independent of each other.    And one approach suggested is to set share permissions to full control on everyone (which I did) and rely on NTFS permissions to restict access.
SOLUTION
McKnife

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
bankwest

ASKER
McKnife

That command Produces same result for both.  (Our DC)
McKnife

Hi and merry xmas!

You still did not make clear if that resource is on a share of the TS or on another Server. Please do so.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
bankwest

ASKER
Sorry......   Got side tracked.    I did the command above and as it should be, the resource is our primary domain controller.   Confirmed it both locally and thru TS login.    So, the share is on another server
bankwest

ASKER
Thinking on this.   This is first time that I have set file permissions on a network.    So I am trying to be very cautious.  
Could this be my problem??
Let say John is a loan officer and needs modify/read/read execute on folder called LOAN

John is a member of the users group that has read and read/execute and is also a member of VP group that has modify, read and read/execute

Since he is a member of both groups will the settings for Users override settings for VP?
since they are more restrictive
ASKER CERTIFIED SOLUTION
McKnife

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.