?
Solved

Windows Search results display documents in folders user cannot open

Posted on 2014-10-27
4
Medium Priority
?
140 Views
Last Modified: 2014-12-11
A client's network is a mix of XP SP3 and Windows 7 machines in a domain with three W2K3 servers, one with the PDC emumulator and global catalog, the other a domain controller with shared folders and user profiles. A 3rd W2K3 runs SQL Server.

Users My Documents defaults to a share which is also available as their S: drive.

Several of the folders in the shared drive are limited to different user groups, for example only members of the executive group have access to financials.

While assisting a user who was not in the executive group via a remote session (so the system was using their credentials, not my administrative creds), I ran a search using Windows Search and noticed documents in the financials subfolder coming up and previewing data in the documents.

I opened Windows Explorer and attempted to open the financial folders, and as expected was denied access.

I then clicked on the link to the doc in Windows Search, and the document "downloaded" and opened.

Naturally I closed all this and got back to the original issue, resolved it, logged off and called the user to let them know everything was ready when they got back to the office.

I then repeated this on a couple of different systems using a test account. Same issue.

I'm thinking this must be solvable with a GPO profile setting but haven't been able to figure out what it would be.

Any Windows Search / Security masters out there with a suggestion?

We are working toward moving to 2K8/2K12 and retiring the last of the XPs. I can deploy a production 2K8 or 2K12 server immediately if need be.

Thanks!
0
Comment
Question by:F. X. Flinn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 16

Expert Comment

by:choward16980
ID: 40407042
Do you think you mapped a network drive (S:) as an admin?
0
 
LVL 56

Expert Comment

by:McKnife
ID: 40407353
Hi.

"I then clicked on the link to the doc in Windows Search, and the document "downloaded" and opened"
Please run procmon to see where that file is originating. The problem will be found instantly.
0
 
LVL 1

Accepted Solution

by:
F. X. Flinn earned 0 total points
ID: 40484841
The problem was rooted in the failure of one of the AD servers to replicate, leading to the failure of a group policy to be properly delivered to the client.
0
 
LVL 1

Author Closing Comment

by:F. X. Flinn
ID: 40493428
Once the replication issue was discovered while trying to understand why the user had unexpected access, the solution to the symptom was to fix the underlying issue or root cause of the problem.
0

Featured Post

Four New Appliances. Same Industry-leading Speeds.

But don't take it from us.  The Firebox M370 is Miercom tested and Miercom approved, outperforming its competitors for stateless and stateful traffic throughput scenarios.  Learn more about the M370, M470, M570 and M670 and find the right solution for your organization today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question