Access rights to documents on fileserver for non-administrators (Windows Server 2016)
Have some issues with a Domain - windows Server 2016 acting as a PDC and fileserver and some Windows10pro clients.
Windows clients connect to the fileserver without issues. They mount the fileserver shares and can read and write files. But there's one issue I haven't found a solution yet:
If a user wihthout administrator rights stores an office file (MS Office as well as LibreOffice!!) into a folder of a fileserver share, the store command works without any issues. But if the user closes the document, it vanishes. It doesn't vanish completely but only for non-administrative users. Administrators see the document and can open, modify and store it. If you take a look at the properties of the document in the security tab, there is no owner assigned to the document. Some Administrator must assign an owner and give rights to "Everybody" "Full Access" - then the document is visible and modifiable by non-administrators as well. It stays visible, if a non-administrator stores it again.
This behaviour is only with office documents. A text document (notepad, wordpad etc...) works without any issues.
Is there somebody who has seen this behaviour and has hints for me to solve it?
Best Regards
Bernhard
Windows clients connect to the fileserver without issues. They mount the fileserver shares and can read and write files. But there's one issue I haven't found a solution yet:
If a user wihthout administrator rights stores an office file (MS Office as well as LibreOffice!!) into a folder of a fileserver share, the store command works without any issues. But if the user closes the document, it vanishes. It doesn't vanish completely but only for non-administrative users. Administrators see the document and can open, modify and store it. If you take a look at the properties of the document in the security tab, there is no owner assigned to the document. Some Administrator must assign an owner and give rights to "Everybody" "Full Access" - then the document is visible and modifiable by non-administrators as well. It stays visible, if a non-administrator stores it again.
This behaviour is only with office documents. A text document (notepad, wordpad etc...) works without any issues.
Is there somebody who has seen this behaviour and has hints for me to solve it?
Best Regards
Bernhard
Steven Atencio
Do you have "access based enumeration" enabled on the shares? If so maybe there's some conflicting permissions causing the user to be able to write to the share but not list the contents of the folder so it's being hidden? But if it's only happening with office docs that might not be the case. It may be something to check though if you haven't already.
ASKER
@steven Atencio
I tried it with and without "access based enumeration". If I swich it off, then the documents are seen, but if i try to open, I get "access denied"
I tried it with and without "access based enumeration". If I swich it off, then the documents are seen, but if i try to open, I get "access denied"
Interesting. Is the folder inheriting permissions from a parent folder? If not are there any permissions between this folder and it's parent that might be conflicting?
ASKER
The folder is inheriting permissions from a parent folder and all users have "full access"...
Are those permissions consistent with the permissions you set when creating the share on the server via the Server management tool? I've seen similar things happen with a Netapp SAN where the SAN had permissions that conflicted with the folder permissions.
Unfortunately I'm running out of ideas if that's not the case. I will keep trying to think of anything else that may be causing this though. Maybe someone else will be able to chime in also and give some helpful information.
Unfortunately I'm running out of ideas if that's not the case. I will keep trying to think of anything else that may be causing this though. Maybe someone else will be able to chime in also and give some helpful information.
ASKER
Windows sucks...
The Problem was that the folder had appropriate rights, but the share missed something. Defining the share It's not enough to give read and write access to the group "Everybody". You have to provide read and write access to a group the user is in ("Domain Users" or a group the user is assigned to).
After giving read and write access for the share to a group the user was in, the user coud create, modify and delete Office files.
Weird that it only happens to office files but not to ordinary files. Obviously windows treats office files as folders with different access rules than ordinary files.
The Problem was that the folder had appropriate rights, but the share missed something. Defining the share It's not enough to give read and write access to the group "Everybody". You have to provide read and write access to a group the user is in ("Domain Users" or a group the user is assigned to).
After giving read and write access for the share to a group the user was in, the user coud create, modify and delete Office files.
Weird that it only happens to office files but not to ordinary files. Obviously windows treats office files as folders with different access rules than ordinary files.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.