File Share Permissions Stumper

We have a Windows 2008 R2 File server. When we share folders we give Everyone Read, Change and Full Control share permissions and then use NTFS permissions to place restrictions.

We discovered a shared folder in which the Domain Users group has Read, List Folder Contents and Read & Execute NTFS permissions. However we discovered that our users can write to that folder. I checked Effective permissions and found that the Domain Users group only had  Read, List Folder Contents and Read & Execute  permissions, however when I check an individual user they indeed have write effective permissions. The users are not in any other groups that have any permissions on that share. So I am stumped, how does a group have read only permissions but the users in that group have write permissions?
gglollcAsked:
Who is Participating?
 
Matt VCommented:
Is it possible the users are indirectly members of a local group that has access to the folders?

See https://technet.microsoft.com/en-us/library/cc772184.aspx to see exactly how effective permissions are determined.

Perhaps "Users" (local group) has write access and Domain Users is a member of Users?
0
 
Lionel MMSmall Business IT ConsultantCommented:
Do you have "inherited permissions" enabled on the folder--if you do remove them and apply on the permissions you want on that shared folder.
0
 
gglollcAuthor Commented:
We don't have any local groups on that server that contain domain users.

 I unshared the folder, reset the NTFS permisions, then shared it again and it seems back to normal.
0
 
gglollcAuthor Commented:
Okay, I apologize to Matt. Upon re-examination domain users were in a local server group with write permissions.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.