Can't seem to restrict network access to a domain Win8-Pro PC folder from domain users on Win7 Pro PCs
Posted on 2013-11-22
Hi everyone -
Here's my problem:
I have a Windows 8 Professional x64 PC on my 2003 Active Directory domain.
I have a folder on that Windows-8 Professional x64 PC that I need to restrict access/block for certain network domain users that are on other PCs on the LAN. That folder is on the "G" drive of the Win8 PC in question.
The users are using Windows 7 Pro PCs on the same 2003 A/D domain. The only A/D group they are members of is the default "Domain Users", but they are Local Administrators on their own Win7 PCs
I originally had the folder set as a share; I removed security inheritance from above it and Explicitly added the individual users I want to block, I selected "Full Control", then "Deny" on both the "Share" tab and the "Permissions" tab for the share.
These users, that should have been blocked, were still able to browse the network and access the share.
I stopped sharing the folder, making the only way to get to it to be by navigating to \\<Win8-Computer-name>\G$\<folder-name>. I then similarly Explicitly added those users to the folder permissions by selecting "Full Control", then "Deny" on the "Permissions" tab for the folder. I also Explicitly added those users to the "G$" permissions by selecting "Full Control", then "Deny" on the "Permissions" tab for G$.
The target users were STILL able to access the folder simply by navigating to \\<Win8-Computer-name>\G$\<folder-name>, even though they should still have been blocked.
This is my first encounter working with file access permissions relative to Win8 and Win7 PCs on a 2003 A/D domain (nothing but WinXP PCs have been on the domain up to this point)
I doubt that it matters, but the "G" drive on the Win8 PC is not an internal hard drive. It is an iSCSI NAS box made operational and available specifically to the Win8 PC by the usual iSCSI Initiator on the Win8 PC.
Is this something new /peculiar with Win8 and Win7 PCs as to how they interact with network and file/folder security???? I've been working with networks and IT for a very long time and have never seen a situation where EXPLICITLY applied Deny-Access settings have had absolutely NO effect in blocking users.
What the heck am I missing?
Thanks in advance for any and all help.