?
Solved

permissions using global security group not working

Posted on 2014-11-06
9
Medium Priority
?
288 Views
Last Modified: 2014-11-12
We have a single forest, single domain AD network running a single 2003 DC with all others DC's running 2008.

We have a group of staff who are part of a security group called "admin" with 5 users added to this group.

I have created a shared folder on both a 2003 and 2008 server and given the "admin" security group full access but the share still doesn't allow access however if I add one of the users that works fine.

Any thoughts would be much appreciated.
0
Comment
Question by:cmlbaete
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
9 Comments
 
LVL 28

Expert Comment

by:Dan McFadden
ID: 40425880
You may have to set both the NTFS permissions as well as the Share permissions.  Share/NTFS permissions operate in a least access mode first.  Meaning if you have Full Control at the Share level and Deny at the NTFS level, you get an Access denied.

I would try to match the permissions at both levels and test again.

Dan
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40425884
When you created the shared folder, did you grant the admin security group access to the share itself?

i.e. Right click on the folder you are sharing > PropertiesSharing tab > Advanced Sharing...Permissions > does the admin group have Change access ticked? By default the Everyone group only gets Read access.
0
 
LVL 1

Author Comment

by:cmlbaete
ID: 40425923
Hi Dan

That is spot on - I have All users, Full access at the share level and then on the security tab I am adding the Security group to have full control.

VB ITS - I have not added the admin group to the share as I thought All users, Full access would then allow anyone who was added in the security tab.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 24

Expert Comment

by:VB ITS
ID: 40425926
Just to clarify, when you say All users, do you mean the Everyone group? There is no All users group by default, unless this was a group that was manually created on your end?
0
 
LVL 1

Author Comment

by:cmlbaete
ID: 40425929
Yes you are correct, sorry should have made that clearer.
0
 
LVL 28

Accepted Solution

by:
Dan McFadden earned 2000 total points
ID: 40425930
And the users still cannot access the share?

When was the AD group created?  Have the user's in this group logged off and then back on?  Their group membership would need to be updated after their user accounts were added to a new group.

Dan
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40425933
What error message are the users getting when they attempt to access the share? Post a screenshot if possible.
0
 
LVL 28

Expert Comment

by:Dan McFadden
ID: 40425934
"Their group membership would need to be updated" meaning that their security token created during logon would need to recalculated due to the new group membership.  The logon process is the only way to accomplish this.

Dan
0
 
LVL 1

Author Closing Comment

by:cmlbaete
ID: 40437208
Thanks for your help with this one - it was indeed just a simple case of logging off and back on. I often change security permissions which change immediately. I foolishly expected this to be the same.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question