AD Groups question

If the use is a member of higher privilege group and lesser privilege group.  Which one is prevails?  For some reason user put himself into the lesser privilege group that locks himself out.
LVL 17
Tiras25Asked:
Who is Participating?
 
Brian PiercePhotographerCommented:
Providing you don't use DENY then the higher permissions prevail.
In most cases you don't need to use deny.
0
 
sconstableCommented:
Id depends,
NTFS permissions assuming 1 group has permissions and the other one is just not in the ACL then the user will have access, if the "lower priv" group is in the ACL with deny, they will be denied rights.
0
 
Tiras25Author Commented:
The lower privilege is a Global Security Group.
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
Mike KlineCommented:
How does he lock himself out by being put in a group?

Thanks

Mike
0
 
Thomas WERNHERConfiguration ManagerCommented:
Hi,

if permissions are set on the NTFS file system (facing the internal side of the system), you'll have the higher permissions prevailing (if the user is in the two groups).

But, what about the shared folder permissions ?

Cheers
0
 
McKnifeCommented:
What are we talking about here? I did not see the author mention folders/file permissions.
Please clarify.
0
 
Tiras25Author Commented:
Sorry i was talking about the access to some internal URL link.  Seems the user added himself to the least permissive group and lock himself out.
0
 
McKnifeCommented:
Come on, is it about file permissions or not. Or about a web server and its permissions. Where did he add himself? How does the lockout look like, "access denied" errors?
0
 
Tiras25Author Commented:
access denied yet.  So something about website permissions.  Sorry for the confusion.
0
 
McKnifeCommented:
"So something about website permissions"
Man :) What makes it so complicated to tell us what he is trying to do? If you are looking for a solution, you need a question first. No really. Still not clear at all.
Where and how did he add himself?
What is he doing exactly?
Is he getting access denials in windows explorer or in his browser?
0
 
Brian PiercePhotographerCommented:
Now I'm confused ?

Please can you explain clearly and exactly what the problem is
0
 
Tiras25Author Commented:
Sorry again for the confusion.  The user added himself into the least permissive group in AD and denied himself access to the internal web site.  Once remove that specific group the access got back to normal.   Sorry I wasn't clear.
0
 
McKnifeCommented:
???
Willie Wang: [as they are about to leave Twain Manor] ... I don't get something, Pop: WAS there a murder, or WASN'T there?
Sidney Wang: Yes: Killed good weekend. Drive, please
See http://www.imdb.com/title/tt0074937/quotes
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.