How are people accessing our folders that are on the domain?!

hi guys,

We are in a domain environment. People are able to access a shared folder on the network. The name of the server is Server1. The only group in the NTFS security, is the 'Server1\users' group which relates to the local group!! This group has read/write and write.

We are talking about people on our domain, able to access this folder. I logged onto the server locally and in the 'Users' folder, these people are not even inside it. We don't get it though. How is that possible? Is there something I'm missing about NTFS permissions here? THe servers are Windows 2003.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Joseph MoodyBlogger and wearer of all hats.Commented:
Who is a member of the users group on that server? By default, authenticated users (every user in the domain) is a member of the local group users.
YashyAuthor Commented:
Okay, I've just seen that there's a group in the local Users folder: nt authority authenticated users (s-1-5-11)

I am on the uk.fc.local domain. This security group above is on the server which is on the contoso.local domain. People on the uk.fc.local domain can access the contoso.local folder.
Joseph MoodyBlogger and wearer of all hats.Commented:
So NTFS is behaving exactly like it is suppose to then. Authenticated Users is inheriting the read/write permissions assigned to your folder through the Local\Users group.

To fix this, add in a domain security group that contains just the members needing read/write permissions to the Access Control List of that folder. Disable inheritance. Remove Users.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

YashyAuthor Commented:
Thanks for the help Joseph.

But this is what I don't get. The server which has the 'NT Authority\Authenticated Users' set up on it is on the contoso.local. I am on the uk.fc.local domain. So how can there be an inheritance of permissions when I am on a totally different domain?

Is it because there is a trust between the two domains?
Jeff GloverSr. Systems AdministratorCommented:
Are the domains in the same forest? If so, then yes there are automatic Transitive Trusts in place
YashyAuthor Commented:
Thank you
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.