Solved

AD Groups question

Posted on 2013-02-01
13
274 Views
Last Modified: 2013-02-04
If the use is a member of higher privilege group and lesser privilege group.  Which one is prevails?  For some reason user put himself into the lesser privilege group that locks himself out.
0
Comment
Question by:Tiras25
  • 4
  • 4
  • 2
  • +3
13 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 143 total points
ID: 38845723
Providing you don't use DENY then the higher permissions prevail.
In most cases you don't need to use deny.
0
 
LVL 6

Assisted Solution

by:sconstable
sconstable earned 72 total points
ID: 38845750
Id depends,
NTFS permissions assuming 1 group has permissions and the other one is just not in the ACL then the user will have access, if the "lower priv" group is in the ACL with deny, they will be denied rights.
0
 
LVL 17

Author Comment

by:Tiras25
ID: 38845757
The lower privilege is a Global Security Group.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38845767
How does he lock himself out by being put in a group?

Thanks

Mike
0
 
LVL 4

Assisted Solution

by:Thomas WERNHER
Thomas WERNHER earned 72 total points
ID: 38846536
Hi,

if permissions are set on the NTFS file system (facing the internal side of the system), you'll have the higher permissions prevailing (if the user is in the two groups).

But, what about the shared folder permissions ?

Cheers
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 213 total points
ID: 38853049
What are we talking about here? I did not see the author mention folders/file permissions.
Please clarify.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 17

Author Comment

by:Tiras25
ID: 38853090
Sorry i was talking about the access to some internal URL link.  Seems the user added himself to the least permissive group and lock himself out.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 213 total points
ID: 38853094
Come on, is it about file permissions or not. Or about a web server and its permissions. Where did he add himself? How does the lockout look like, "access denied" errors?
0
 
LVL 17

Author Comment

by:Tiras25
ID: 38853126
access denied yet.  So something about website permissions.  Sorry for the confusion.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 213 total points
ID: 38853141
"So something about website permissions"
Man :) What makes it so complicated to tell us what he is trying to do? If you are looking for a solution, you need a question first. No really. Still not clear at all.
Where and how did he add himself?
What is he doing exactly?
Is he getting access denials in windows explorer or in his browser?
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 143 total points
ID: 38853144
Now I'm confused ?

Please can you explain clearly and exactly what the problem is
0
 
LVL 17

Author Comment

by:Tiras25
ID: 38853190
Sorry again for the confusion.  The user added himself into the least permissive group in AD and denied himself access to the internal web site.  Once remove that specific group the access got back to normal.   Sorry I wasn't clear.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 38853289
???
Willie Wang: [as they are about to leave Twain Manor] ... I don't get something, Pop: WAS there a murder, or WASN'T there?
Sidney Wang: Yes: Killed good weekend. Drive, please
See http://www.imdb.com/title/tt0074937/quotes
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now