Avatar of bobox00
bobox00Flag for United States of America asked on

Domain users are able to write to folder in spite of read only permissions

On our Windows 2008 server, I changed the properties of Folder A, and set users' security to read. Logged on as a user, to test, and he is still able to create files, inside Folder A.
Windows OSActive DirectoryWindows Server 2008

Avatar of undefined
Last Comment
bobox00

8/22/2022 - Mon
Smith and Andersen

what are your share perms and what are the ntfs perms??
ASKER
bobox00

Share permissions give users read and write. Folder A is however a sub-folder inside the actual shared folder. I have removed inheritable permissions from Folder A.
ASKER CERTIFIED SOLUTION
Smith and Andersen

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
bobox00

Please consider this. A higher level folder is mapped, and users have write permissions at that level. I do however need to restrict users from writing to Folder A. See below:

Folder 1\Folder 2\Folder A

Folder 1 is mapped and users have write access. Folder A is not directly shared (Folder 1 is shared, so users can drill down and view the contents of Folder A). I used security permissions for Folder A to assign "Read" permissions to users.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
ASKER
bobox00

I have told the user I am testing with, to restart his PC and try creating a test folder inside folder A. Will report back on the result, after he's back from lunch.
ASKER
bobox00

C:\Users\me>net user /domain testuser
The request will be processed at a domain controller for domain domainname.things.


User name                    testuser
Full Name                    test user
Comment
User's comment
Country code                 (null)
Account active               Yes
Account expires              Never

Password last set            2/1/2012 10:14:31 AM
Password expires             Never
Password changeable          2/2/2012 10:14:31 AM
Password required            Yes
User may change password     Yes

Workstations allowed         All
Logon script
User profile
Home directory
Last logon                   9/12/2013 11:12:12 AM

Logon hours allowed          All

Local Group Memberships      *Remote Desktop Users *Server Operators
Global Group memberships     *Office Group      *DenyAccounting
                             *Local Admin Users    *Domain Users
The command completed successfully.
ASKER
bobox00

Local Group Memberships      *Remote Desktop Users *Server Operators
Global Group memberships     *Office Group      *DenyAccounting
                             *Local Admin Users    *Domain Users

All the groups listed above have no effective permissions. The group named "Users" have List and Read effective permissions.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
bobox00

Still don't know where users are getting write permissions from. Hopefully restarting his laptop will make the read permissions effective.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
bobox00

Problem still exists. I'm sure there's something I'm missing.