Avatar of cmlbaete
cmlbaete
Flag for United Kingdom of Great Britain and Northern Ireland asked on

permissions using global security group not working

We have a single forest, single domain AD network running a single 2003 DC with all others DC's running 2008.

We have a group of staff who are part of a security group called "admin" with 5 users added to this group.

I have created a shared folder on both a 2003 and 2008 server and given the "admin" security group full access but the share still doesn't allow access however if I add one of the users that works fine.

Any thoughts would be much appreciated.
Windows Server 2008Windows Server 2003Active Directory

Avatar of undefined
Last Comment
cmlbaete

8/22/2022 - Mon
Dan McFadden

You may have to set both the NTFS permissions as well as the Share permissions.  Share/NTFS permissions operate in a least access mode first.  Meaning if you have Full Control at the Share level and Deny at the NTFS level, you get an Access denied.

I would try to match the permissions at both levels and test again.

Dan
VB ITS

When you created the shared folder, did you grant the admin security group access to the share itself?

i.e. Right click on the folder you are sharing > PropertiesSharing tab > Advanced Sharing...Permissions > does the admin group have Change access ticked? By default the Everyone group only gets Read access.
cmlbaete

ASKER
Hi Dan

That is spot on - I have All users, Full access at the share level and then on the security tab I am adding the Security group to have full control.

VB ITS - I have not added the admin group to the share as I thought All users, Full access would then allow anyone who was added in the security tab.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
VB ITS

Just to clarify, when you say All users, do you mean the Everyone group? There is no All users group by default, unless this was a group that was manually created on your end?
cmlbaete

ASKER
Yes you are correct, sorry should have made that clearer.
ASKER CERTIFIED SOLUTION
Dan McFadden

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
VB ITS

What error message are the users getting when they attempt to access the share? Post a screenshot if possible.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Dan McFadden

"Their group membership would need to be updated" meaning that their security token created during logon would need to recalculated due to the new group membership.  The logon process is the only way to accomplish this.

Dan
cmlbaete

ASKER
Thanks for your help with this one - it was indeed just a simple case of logging off and back on. I often change security permissions which change immediately. I foolishly expected this to be the same.