AD Users Have Access to Folder Shares Other Than Whats Listed In AD Users and Computers

I have a few users that somehow have access to some folder shares other than what they have access to stated in AD under the "Member Of" tab.  My folders have security groups which are what I tie the users to.  I have also checked the folder shares to make sure that the users were not listed under groups nor security groups they were added in.

Any suggestions as to how I can fix this issue?

Thanks!
ollybubaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Neil RussellTechnical Development LeadCommented:
Ultimately it is down to NTFS permissions. It matters not if a user can see a share, has full permissions on a share or whatever.  What matters is what NTFS permissions are set.
Users will not be able to see something if they do not have permissions.  Are these shares/folders visible to ALL users or just  those in groups PLUS one or two others?

Can you paste some screen shots of share permission and ntfs permissions and group membership of a user that should not have access?

We could guess all night but without seeing something it will be a long process.
0
ollybubaAuthor Commented:
The Maintenance-NTFS picture is the setting for all shared folders including the folders this user isn't able to view and shouldn't.
Maintenance-NTFS.JPG
Maintenance-Permissions.JPG
Member-Of.JPG
0
NVITCommented:
If you changed the permissions recently, be sure to have those users logoff then logon.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

ollybubaAuthor Commented:
I have not changed any settings recently.
0
Neil RussellTechnical Development LeadCommented:
You are certain that these users are not for any reason members of the servers local Administrators group? Either directly of through membership of another group?
Also of course that they are not domain admins.
0
NVITCommented:
AccessEnum can help to quickly view user accesses to a tree of directories or keys.
http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx

Start by plugging in affected paths in the folder field at top.
You can also export the results to a .txt file for off-line examination.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ollybubaAuthor Commented:
I've checked a user and they are not part of any group that Enum says has permissions to that share.
0
NVITCommented:
Is it an entire folder of files or just certain files? e.g. say you have c:\main. Under that you have subfolder1 with some files. Also subfolder2 with some files.

Maybe all files in subfolder2 is exposed but not files in subfolder1.

Or, just certain files affected all over the place?
0
ollybubaAuthor Commented:
It would be for an example c:\maintenance.  As in the parent directory.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.