Fileserver Permissions - 2008 R2
I'm having strange issues trying to work out some permissions on a fileserver.
Users have a mapped drive to a root folder within which they see their departmental main folder and then within that are a single level of subfolders with distinct permissions requirements.
At the departmental folder level, the users are a member of a group that gives them Read access to "this folder only". They are then members of groups specific to each subfolder in there as required. These are configured as follows:
Each (first-level) subfolder has two permissions entries for the latter type of group. The first is applied to "This Folder Only" and has just read access and the second applied to "Subfolders and Files" has full control.
Despite this, users cannot, for example rename folders within the subfolder. Effective permissions on one such folder shows the user as having full control! The folder is not read-only either.
If I remove the "This Folder Only" entry and change the full control entry to "Folder, Subfolders and files" then all is well.
What am I missing? Thanks!
Users have a mapped drive to a root folder within which they see their departmental main folder and then within that are a single level of subfolders with distinct permissions requirements.
At the departmental folder level, the users are a member of a group that gives them Read access to "this folder only". They are then members of groups specific to each subfolder in there as required. These are configured as follows:
Each (first-level) subfolder has two permissions entries for the latter type of group. The first is applied to "This Folder Only" and has just read access and the second applied to "Subfolders and Files" has full control.
Despite this, users cannot, for example rename folders within the subfolder. Effective permissions on one such folder shows the user as having full control! The folder is not read-only either.
If I remove the "This Folder Only" entry and change the full control entry to "Folder, Subfolders and files" then all is well.
What am I missing? Thanks!
ASKER
- DeptFolder = "This Folder Only" =Read
|____ SubFolder = ("This Folder Only" = Read)+("Subfolders and Files" = Full)
|_____ Deeper level = Inherited permissions only.
User cannot rename that deeper level folder despite Effective Permissions confirming user has full control! It's almost as though the SubFolder level "This Folder Only" permissions are silently applying to all subfolders too. (The "apply at this level" checkbox is greyed out when you apply permissions to the folder only.)
|____ SubFolder = ("This Folder Only" = Read)+("Subfolders and Files" = Full)
|_____ Deeper level = Inherited permissions only.
User cannot rename that deeper level folder despite Effective Permissions confirming user has full control! It's almost as though the SubFolder level "This Folder Only" permissions are silently applying to all subfolders too. (The "apply at this level" checkbox is greyed out when you apply permissions to the folder only.)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ultimately made it work with a Deny permission!
If yes one of the Permissions with read or Deny is denying users from changing the policy.
Check if u have 2 groups with same users permissions . If yes the one with least permission should be removed or edited ,.