Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 82
  • Last Modified:

I need to find out what effective permissions have been applied to a share on my sbs 2008 server

In AD .

I have a company\partner  share .  
I have assigned 3 users to a group called partners
I have given the group full rights to partner share
but when I try to access the share as one of the users
I am getting a message saying I do not have permission to access .
I am not sure if another admin has setup permissions separately which is more restrictive .
This was working a few days ago .
How do I check this ?
When I checked the share from the server
under security the users are given rights to the share individually AND the partner group there of which they are members
why isnt it giving the correct permissions ?
Can AD be malfunctioning ? How can I check ?
0
Andre P
Asked:
Andre P
2 Solutions
 
kevinhsiehCommented:
Access to a share is controlled by two things. Share permissions and NTFS permissions. The most restrictive permissions apply. I follow the old proactive of having everyone full permissions on the share, and then set the effective permissions via NTFS.

Here's how to set/check NTFS permissions.

http://www.ntfs.com/ntfs-permissions-setting.htm
0
 
MaheshArchitectCommented:
Have you added partner group "Modify" share permissions on sharing tab, else this is what expected
0
 
Andre PAuthor Commented:
It has full permissions .
so does the permissions on the directory. .what could over write that and give me access denied message when logging in as a member of partner share ?
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
MaheshArchitectCommented:
how you are trying to access share with member of partner group?

Are you logging on to workstation with account having partner group membership?

What is happening in that case?
Because you have added partner group on share tab and individual user on NTFS tab

Also try adding partner group on NTFS tab with required permissions

also logon to server with account having local admin member and check partner group and it members for effective access from shared folder NTFS permissions\advanced properties\effective access tab

If wanted, to you may take folder ownership for admin ID and then remove and add partner group again on share and NTFS tabs with required permissions
You can use MS tool called Subinacl to take folder ownership without destroying existing folder permissions
Check below article for Subinacl commands
https://www.experts-exchange.com/articles/17526/Windows-File-Server-Folder-ownership-problems-and-resolution.html
0
 
McKnifeCommented:
Three things:
1 NTFS permissions can be read out (and published here) using
icacls c:\yourfolder
2 share permissions like this:
net share yoursharenamehere
->Publish the output of both here.
3 "Share permissions and NTFS permissions - The most restrictive permissions apply" is not entirely correct. It is mostly correct, but it has exceptions, please see https://www.experts-exchange.com/questions/22108365/NTFS-and-share-permissions-I-found-a-difference-where-there-should-not-be-any.html
0
 
Thomas Zucker-ScharffSystems AnalystCommented:
Netwrix has a free tool to check permissions (https://www.netwrix.com/netwrix_effective_permissions_reporting_tool.html).
0
 
McKnifeCommented:
Andre, please report what you achieved with the netwrix tool and if it can really provide the same info as the commands I listed.
Also, I wonder if it notices the "exception to the rule" which I also linked. I guess I'll have to try it.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now