Windows Search results display documents in folders user cannot open

A client's network is a mix of XP SP3 and Windows 7 machines in a domain with three W2K3 servers, one with the PDC emumulator and global catalog, the other a domain controller with shared folders and user profiles. A 3rd W2K3 runs SQL Server.

Users My Documents defaults to a share which is also available as their S: drive.

Several of the folders in the shared drive are limited to different user groups, for example only members of the executive group have access to financials.

While assisting a user who was not in the executive group via a remote session (so the system was using their credentials, not my administrative creds), I ran a search using Windows Search and noticed documents in the financials subfolder coming up and previewing data in the documents.

I opened Windows Explorer and attempted to open the financial folders, and as expected was denied access.

I then clicked on the link to the doc in Windows Search, and the document "downloaded" and opened.

Naturally I closed all this and got back to the original issue, resolved it, logged off and called the user to let them know everything was ready when they got back to the office.

I then repeated this on a couple of different systems using a test account. Same issue.

I'm thinking this must be solvable with a GPO profile setting but haven't been able to figure out what it would be.

Any Windows Search / Security masters out there with a suggestion?

We are working toward moving to 2K8/2K12 and retiring the last of the XPs. I can deploy a production 2K8 or 2K12 server immediately if need be.

Thanks!
LVL 1
F. X. FlinnSenior Consultant / FounderAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris HInfrastructure ManagerCommented:
Do you think you mapped a network drive (S:) as an admin?
0
McKnifeCommented:
Hi.

"I then clicked on the link to the doc in Windows Search, and the document "downloaded" and opened"
Please run procmon to see where that file is originating. The problem will be found instantly.
0
F. X. FlinnSenior Consultant / FounderAuthor Commented:
The problem was rooted in the failure of one of the AD servers to replicate, leading to the failure of a group policy to be properly delivered to the client.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
F. X. FlinnSenior Consultant / FounderAuthor Commented:
Once the replication issue was discovered while trying to understand why the user had unexpected access, the solution to the symptom was to fix the underlying issue or root cause of the problem.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Vulnerabilities

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.