Domain users are able to write to folder in spite of read only permissions

On our Windows 2008 server, I changed the properties of Folder A and set users' security to read. Logged on as a user to test, and he is still able to create files inside Folder A.
bobox00 Asked:

Smith and Andersen Commented:
What are your share perms and what are the NTFS perms?
0
bobox00 (Author) Commented:
Share permissions give users read and write. Folder A is however a sub-folder inside the actual shared folder. I have removed inheritable permissions from Folder A.
0
Smith and Andersen Commented:
Your share perms should be Everyone=Full Control.
Then secure the root folder with NTFS List perms for this folder only for your AD group.
Then add the same group with Read perms for subfolders and files.
Do this from the Advanced button on the Security tab.
0

bobox00 (Author) Commented:
Please consider this. A higher level folder is mapped, and users have write permissions at that level. I do however need to restrict users from writing to Folder A. See below:

Folder 1\Folder 2\Folder A

Folder 1 is mapped and users have write access. Folder A is not directly shared (Folder 1 is shared, so users can drill down and view the contents of Folder A). I used security permissions for Folder A to assign "Read" permissions to users.
0
bobox00 (Author) Commented:
I have told the user I am testing with to restart his PC and try creating a test folder inside Folder A. Will report back on the result after he's back from lunch.
0
bobox00 (Author) Commented:
C:\Users\me>net user /domain testuser
The request will be processed at a domain controller for domain domainname.things.


User name                    testuser
Full Name                    test user
Comment
User's comment
Country code                 (null)
Account active               Yes
Account expires              Never

Password last set            2/1/2012 10:14:31 AM
Password expires             Never
Password changeable          2/2/2012 10:14:31 AM
Password required            Yes
User may change password     Yes

Workstations allowed         All
Logon script
User profile
Home directory
Last logon                   9/12/2013 11:12:12 AM

Logon hours allowed          All

Local Group Memberships      *Remote Desktop Users *Server Operators
Global Group memberships     *Office Group      *DenyAccounting
                             *Local Admin Users    *Domain Users
The command completed successfully.
0
bobox00 (Author) Commented:
Local Group Memberships      *Remote Desktop Users *Server Operators
Global Group memberships     *Office Group      *DenyAccounting
                             *Local Admin Users    *Domain Users

All the groups listed above have no effective permissions. The group named "Users" has List and Read effective permissions.
0
bobox00 (Author) Commented:
Still don't know where users are getting write permissions from. Hopefully restarting his laptop will make the read permissions effective.
0
cantoris Commented:
Check the user's group memberships and don't forget there may be nested group memberships involved too.
0
Allen White (Directory Services Support Escalation Engineer) Commented:
Don't forget to check the NTFS file permissions as they will take precedence over share permissions.
0
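
One way to carry out the two checks suggested above (nested group memberships and the NTFS permissions on Folder A) in a single pass, as an added example that is not part of the original thread. The folder path and the user's UPN are placeholders, and it assumes a domain-joined server with PowerShell 2.0 or later.

```powershell
# Added example (not from the thread). Run on the file server itself so that
# server-local groups are included. $Path and $Upn are placeholders.
$Path = 'D:\Folder 1\Folder 2\Folder A'
$Upn  = 'testuser@example.local'

# Build the user's token from the UPN alone (no password needed). Its Groups
# list holds direct, nested and local group SIDs as this server resolves them.
$identity = New-Object System.Security.Principal.WindowsIdentity($Upn)
$sids = @($identity.User.Value) + @($identity.Groups | ForEach-Object { $_.Value })

# Rights that let someone create, delete or re-permission content in a folder.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

$acl = Get-Acl -Path $Path
"Owner: $($acl.Owner)"   # the owner can always read and change the permissions

# Ask for the ACEs keyed by SID so they can be matched against the token.
$acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $sids -contains $_.IdentityReference.Value } |
    Where-Object { ([int]$_.FileSystemRights -band $writeMask) -ne 0 } |
    ForEach-Object {
        $rule = $_
        $name = $rule.IdentityReference.Value
        # Resolve the SID to DOMAIN\name when possible; keep the SID otherwise.
        try { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value } catch { }
        New-Object PSObject -Property @{
            Type        = $rule.AccessControlType   # Allow or Deny
            Trustee     = $name                     # user or group the ACE names
            Rights      = $rule.FileSystemRights
            Inherited   = $rule.IsInherited         # False = set on Folder A itself
            InheritOnly = [bool]($rule.PropagationFlags -band $inheritOnly)
        }
    } |
    Select-Object Type, Trustee, Rights, Inherited, InheritOnly |
    Format-Table -AutoSize
```

Each row names a trustee in the user's token whose entry on Folder A carries a write-type right; rows with InheritOnly set apply to children of the folder rather than the folder itself. Share permissions are evaluated separately and are not covered here.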
bobox00 (Author) Commented:
Problem still exists. I'm sure there's something I'm missing.
0