Solved

AD Groups question

Posted on 2013-02-01
13
277 Views
Last Modified: 2013-02-04
If the use is a member of higher privilege group and lesser privilege group.  Which one is prevails?  For some reason user put himself into the lesser privilege group that locks himself out.
0
Comment
Question by:Tiras25
  • 4
  • 4
  • 2
  • +3
13 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 143 total points
ID: 38845723
Providing you don't use DENY then the higher permissions prevail.
In most cases you don't need to use deny.
0
 
LVL 6

Assisted Solution

by:sconstable
sconstable earned 72 total points
ID: 38845750
Id depends,
NTFS permissions assuming 1 group has permissions and the other one is just not in the ACL then the user will have access, if the "lower priv" group is in the ACL with deny, they will be denied rights.
0
 
LVL 17

Author Comment

by:Tiras25
ID: 38845757
The lower privilege is a Global Security Group.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 57

Expert Comment

by:Mike Kline
ID: 38845767
How does he lock himself out by being put in a group?

Thanks

Mike
0
 
LVL 4

Assisted Solution

by:Thomas WERNHER
Thomas WERNHER earned 72 total points
ID: 38846536
Hi,

if permissions are set on the NTFS file system (facing the internal side of the system), you'll have the higher permissions prevailing (if the user is in the two groups).

But, what about the shared folder permissions ?

Cheers
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 213 total points
ID: 38853049
What are we talking about here? I did not see the author mention folders/file permissions.
Please clarify.
0
 
LVL 17

Author Comment

by:Tiras25
ID: 38853090
Sorry i was talking about the access to some internal URL link.  Seems the user added himself to the least permissive group and lock himself out.
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 213 total points
ID: 38853094
Come on, is it about file permissions or not. Or about a web server and its permissions. Where did he add himself? How does the lockout look like, "access denied" errors?
0
 
LVL 17

Author Comment

by:Tiras25
ID: 38853126
access denied yet.  So something about website permissions.  Sorry for the confusion.
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 213 total points
ID: 38853141
"So something about website permissions"
Man :) What makes it so complicated to tell us what he is trying to do? If you are looking for a solution, you need a question first. No really. Still not clear at all.
Where and how did he add himself?
What is he doing exactly?
Is he getting access denials in windows explorer or in his browser?
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 143 total points
ID: 38853144
Now I'm confused ?

Please can you explain clearly and exactly what the problem is
0
 
LVL 17

Author Comment

by:Tiras25
ID: 38853190
Sorry again for the confusion.  The user added himself into the least permissive group in AD and denied himself access to the internal web site.  Once remove that specific group the access got back to normal.   Sorry I wasn't clear.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 38853289
???
Willie Wang: [as they are about to leave Twain Manor] ... I don't get something, Pop: WAS there a murder, or WASN'T there?
Sidney Wang: Yes: Killed good weekend. Drive, please
See http://www.imdb.com/title/tt0074937/quotes
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question