Solved

AD Users Have Access to Folder Shares Other Than Whats Listed In AD Users and Computers

Posted on 2014-12-29
9
76 Views
Last Modified: 2015-04-22
I have a few users that somehow have access to some folder shares other than what they have access to stated in AD under the "Member Of" tab.  My folders have security groups which are what I tie the users to.  I have also checked the folder shares to make sure that the users were not listed under groups nor security groups they were added in.

Any suggestions as to how I can fix this issue?

Thanks!
0
Comment
Question by:ollybuba
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40522232
Ultimately it is down to NTFS permissions. It matters not if a user can see a share, has full permissions on a share or whatever.  What matters is what NTFS permissions are set.
Users will not be able to see something if they do not have permissions.  Are these shares/folders visible to ALL users or just  those in groups PLUS one or two others?

Can you paste some screen shots of share permission and ntfs permissions and group membership of a user that should not have access?

We could guess all night but without seeing something it will be a long process.
0
 

Author Comment

by:ollybuba
ID: 40522301
The Maintenance-NTFS picture is the setting for all shared folders including the folders this user isn't able to view and shouldn't.
Maintenance-NTFS.JPG
Maintenance-Permissions.JPG
Member-Of.JPG
0
 
LVL 24

Expert Comment

by:NVIT
ID: 40522344
If you changed the permissions recently, be sure to have those users logoff then logon.
0
Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

 

Author Comment

by:ollybuba
ID: 40522383
I have not changed any settings recently.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40522389
You are certain that these users are not for any reason members of the servers local Administrators group? Either directly of through membership of another group?
Also of course that they are not domain admins.
0
 
LVL 24

Accepted Solution

by:
NVIT earned 500 total points
ID: 40522403
AccessEnum can help to quickly view user accesses to a tree of directories or keys.
http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx

Start by plugging in affected paths in the folder field at top.
You can also export the results to a .txt file for off-line examination.
0
 

Author Comment

by:ollybuba
ID: 40524091
I've checked a user and they are not part of any group that Enum says has permissions to that share.
0
 
LVL 24

Expert Comment

by:NVIT
ID: 40524136
Is it an entire folder of files or just certain files? e.g. say you have c:\main. Under that you have subfolder1 with some files. Also subfolder2 with some files.

Maybe all files in subfolder2 is exposed but not files in subfolder1.

Or, just certain files affected all over the place?
0
 

Author Comment

by:ollybuba
ID: 40524144
It would be for an example c:\maintenance.  As in the parent directory.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question