We help IT Professionals succeed at work.

permissions using global security group not working

635 Views
Last Modified: 2014-11-12
We have a single forest, single domain AD network running a single 2003 DC with all others DC's running 2008.

We have a group of staff who are part of a security group called "admin" with 5 users added to this group.

I have created a shared folder on both a 2003 and 2008 server and given the "admin" security group full access but the share still doesn't allow access however if I add one of the users that works fine.

Any thoughts would be much appreciated.
Comment
Watch Question

Dan McFaddenTechnical Lead - Active Directory
CERTIFIED EXPERT

Commented:
You may have to set both the NTFS permissions as well as the Share permissions.  Share/NTFS permissions operate in a least access mode first.  Meaning if you have Full Control at the Share level and Deny at the NTFS level, you get an Access denied.

I would try to match the permissions at both levels and test again.

Dan
VB ITSSpecialist Consultant
CERTIFIED EXPERT
Top Expert 2014

Commented:
When you created the shared folder, did you grant the admin security group access to the share itself?

i.e. Right click on the folder you are sharing > PropertiesSharing tab > Advanced Sharing...Permissions > does the admin group have Change access ticked? By default the Everyone group only gets Read access.

Author

Commented:
Hi Dan

That is spot on - I have All users, Full access at the share level and then on the security tab I am adding the Security group to have full control.

VB ITS - I have not added the admin group to the share as I thought All users, Full access would then allow anyone who was added in the security tab.
VB ITSSpecialist Consultant
CERTIFIED EXPERT
Top Expert 2014

Commented:
Just to clarify, when you say All users, do you mean the Everyone group? There is no All users group by default, unless this was a group that was manually created on your end?

Author

Commented:
Yes you are correct, sorry should have made that clearer.
Technical Lead - Active Directory
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
VB ITSSpecialist Consultant
CERTIFIED EXPERT
Top Expert 2014

Commented:
What error message are the users getting when they attempt to access the share? Post a screenshot if possible.
Dan McFaddenTechnical Lead - Active Directory
CERTIFIED EXPERT

Commented:
"Their group membership would need to be updated" meaning that their security token created during logon would need to recalculated due to the new group membership.  The logon process is the only way to accomplish this.

Dan

Author

Commented:
Thanks for your help with this one - it was indeed just a simple case of logging off and back on. I often change security permissions which change immediately. I foolishly expected this to be the same.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.