How are people accessing our folders that are on the domain?!

hi guys,

We are in a domain environment. People are able to access a shared folder on the network. The name of the server is Server1. The only group in the NTFS security, is the 'Server1\users' group which relates to the local group!! This group has read/write and write.

We are talking about people on our domain, able to access this folder. I logged onto the server locally and in the 'Users' folder, these people are not even inside it. We don't get it though. How is that possible? Is there something I'm missing about NTFS permissions here? THe servers are Windows 2003.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Joseph MoodyBlogger and wearer of all hats.Commented:
Who is a member of the users group on that server? By default, authenticated users (every user in the domain) is a member of the local group users.
YashyAuthor Commented:
Okay, I've just seen that there's a group in the local Users folder: nt authority authenticated users (s-1-5-11)

I am on the uk.fc.local domain. This security group above is on the server which is on the contoso.local domain. People on the uk.fc.local domain can access the contoso.local folder.
Joseph MoodyBlogger and wearer of all hats.Commented:
So NTFS is behaving exactly like it is suppose to then. Authenticated Users is inheriting the read/write permissions assigned to your folder through the Local\Users group.

To fix this, add in a domain security group that contains just the members needing read/write permissions to the Access Control List of that folder. Disable inheritance. Remove Users.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

YashyAuthor Commented:
Thanks for the help Joseph.

But this is what I don't get. The server which has the 'NT Authority\Authenticated Users' set up on it is on the contoso.local. I am on the uk.fc.local domain. So how can there be an inheritance of permissions when I am on a totally different domain?

Is it because there is a trust between the two domains?
Jeff GloverSr. Systems AdministratorCommented:
Are the domains in the same forest? If so, then yes there are automatic Transitive Trusts in place
YashyAuthor Commented:
Thank you
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.