permissions using global security group not working

We have a single forest, single domain AD network running a single 2003 DC with all others DC's running 2008.

We have a group of staff who are part of a security group called "admin" with 5 users added to this group.

I have created a shared folder on both a 2003 and 2008 server and given the "admin" security group full access but the share still doesn't allow access however if I add one of the users that works fine.

Any thoughts would be much appreciated.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dan McFaddenSystems EngineerCommented:
You may have to set both the NTFS permissions as well as the Share permissions.  Share/NTFS permissions operate in a least access mode first.  Meaning if you have Full Control at the Share level and Deny at the NTFS level, you get an Access denied.

I would try to match the permissions at both levels and test again.

VB ITSSpecialist ConsultantCommented:
When you created the shared folder, did you grant the admin security group access to the share itself?

i.e. Right click on the folder you are sharing > PropertiesSharing tab > Advanced Sharing...Permissions > does the admin group have Change access ticked? By default the Everyone group only gets Read access.
cmlbaeteAuthor Commented:
Hi Dan

That is spot on - I have All users, Full access at the share level and then on the security tab I am adding the Security group to have full control.

VB ITS - I have not added the admin group to the share as I thought All users, Full access would then allow anyone who was added in the security tab.
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

VB ITSSpecialist ConsultantCommented:
Just to clarify, when you say All users, do you mean the Everyone group? There is no All users group by default, unless this was a group that was manually created on your end?
cmlbaeteAuthor Commented:
Yes you are correct, sorry should have made that clearer.
Dan McFaddenSystems EngineerCommented:
And the users still cannot access the share?

When was the AD group created?  Have the user's in this group logged off and then back on?  Their group membership would need to be updated after their user accounts were added to a new group.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
VB ITSSpecialist ConsultantCommented:
What error message are the users getting when they attempt to access the share? Post a screenshot if possible.
Dan McFaddenSystems EngineerCommented:
"Their group membership would need to be updated" meaning that their security token created during logon would need to recalculated due to the new group membership.  The logon process is the only way to accomplish this.

cmlbaeteAuthor Commented:
Thanks for your help with this one - it was indeed just a simple case of logging off and back on. I often change security permissions which change immediately. I foolishly expected this to be the same.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.