We have a Windows 2008 R2 File server. When we share folders we give Everyone Read, Change and Full Control share permissions and then use NTFS permissions to place restrictions.
We discovered a shared folder in which the Domain Users group has Read, List Folder Contents and Read & Execute NTFS permissions. However we discovered that our users can write to that folder. I checked Effective permissions and found that the Domain Users group only had Read, List Folder Contents and Read & Execute permissions, however when I check an individual user they indeed have write effective permissions. The users are not in any other groups that have any permissions on that share. So I am stumped, how does a group have read only permissions but the users in that group have write permissions?