Solved

AD Groups question

Posted on 2013-02-01
13
275 Views
Last Modified: 2013-02-04
If the use is a member of higher privilege group and lesser privilege group.  Which one is prevails?  For some reason user put himself into the lesser privilege group that locks himself out.
0
Comment
Question by:Tiras25
  • 4
  • 4
  • 2
  • +3
13 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 143 total points
ID: 38845723
Providing you don't use DENY then the higher permissions prevail.
In most cases you don't need to use deny.
0
 
LVL 6

Assisted Solution

by:sconstable
sconstable earned 72 total points
ID: 38845750
Id depends,
NTFS permissions assuming 1 group has permissions and the other one is just not in the ACL then the user will have access, if the "lower priv" group is in the ACL with deny, they will be denied rights.
0
 
LVL 17

Author Comment

by:Tiras25
ID: 38845757
The lower privilege is a Global Security Group.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38845767
How does he lock himself out by being put in a group?

Thanks

Mike
0
 
LVL 4

Assisted Solution

by:Thomas WERNHER
Thomas WERNHER earned 72 total points
ID: 38846536
Hi,

if permissions are set on the NTFS file system (facing the internal side of the system), you'll have the higher permissions prevailing (if the user is in the two groups).

But, what about the shared folder permissions ?

Cheers
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 213 total points
ID: 38853049
What are we talking about here? I did not see the author mention folders/file permissions.
Please clarify.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 17

Author Comment

by:Tiras25
ID: 38853090
Sorry i was talking about the access to some internal URL link.  Seems the user added himself to the least permissive group and lock himself out.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 213 total points
ID: 38853094
Come on, is it about file permissions or not. Or about a web server and its permissions. Where did he add himself? How does the lockout look like, "access denied" errors?
0
 
LVL 17

Author Comment

by:Tiras25
ID: 38853126
access denied yet.  So something about website permissions.  Sorry for the confusion.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 213 total points
ID: 38853141
"So something about website permissions"
Man :) What makes it so complicated to tell us what he is trying to do? If you are looking for a solution, you need a question first. No really. Still not clear at all.
Where and how did he add himself?
What is he doing exactly?
Is he getting access denials in windows explorer or in his browser?
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 143 total points
ID: 38853144
Now I'm confused ?

Please can you explain clearly and exactly what the problem is
0
 
LVL 17

Author Comment

by:Tiras25
ID: 38853190
Sorry again for the confusion.  The user added himself into the least permissive group in AD and denied himself access to the internal web site.  Once remove that specific group the access got back to normal.   Sorry I wasn't clear.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 38853289
???
Willie Wang: [as they are about to leave Twain Manor] ... I don't get something, Pop: WAS there a murder, or WASN'T there?
Sidney Wang: Yes: Killed good weekend. Drive, please
See http://www.imdb.com/title/tt0074937/quotes
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now