lianne143
asked on
Copied the NTFS permission after setting up a new share - But the user permission not working as how required.
Hi
We had a Window 2008 R2 server and we had a share and when user logs into the PCs, the share was getting mapped through GPO and the users were only being able to open files from this share and not able to edit and if required they were able to save the files home drives.
Now I have created a new share in Win 2012 and copied all the files from Window 2008R2 share to Windows 2012 share using robocopy.
I compared the permissions with Windows 2008 share and set the same permissions on windows 2012 share.
I have set the Windows 2012 share to map the drive using the GPO. When users log in the new share gets mapped.
But user are able to open files from the new share and edit and save files to this share, which I don’t want rather I would like user only to:
Also please see the attached snapshot of file permissions
Snapshot of file permissions .jpg
Any help will be great and Thanks in advance
We had a Window 2008 R2 server and we had a share and when user logs into the PCs, the share was getting mapped through GPO and the users were only being able to open files from this share and not able to edit and if required they were able to save the files home drives.
Now I have created a new share in Win 2012 and copied all the files from Window 2008R2 share to Windows 2012 share using robocopy.
I compared the permissions with Windows 2008 share and set the same permissions on windows 2012 share.
I have set the Windows 2012 share to map the drive using the GPO. When users log in the new share gets mapped.
But user are able to open files from the new share and edit and save files to this share, which I don’t want rather I would like user only to:
- To view the file
- Should not be able to edit
- Should not be able to save any files to the new share.
Also please see the attached snapshot of file permissions
Snapshot of file permissions .jpg
Any help will be great and Thanks in advance
Are the share permissions also read/write or full control? Shares have both ntfs AND share permissions.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
But user are able to open files from the new share and edit and save files to this share,...
what user? are they part of any group in the screenshot?
if they are in the students group, they would have read-only access since trying to write would be blocked at the share-level regardless if the file system allows it
seems details are a bit lacking
As mentioned, things don't match up...
Your pic shows Students have Read perms, which prevents writes, regardless of ntfs settings.
Your pic shows Students have Read perms, which prevents writes, regardless of ntfs settings.
ASKER
I used Robocopy to copy files from Windows 2008 server to Windows 2012 Server share.
It is the student user and the permissions are only for the students and they belong to students security group.
The should only be able to read the documents from the new share.
It is the student user and the permissions are only for the students and they belong to students security group.
The should only be able to read the documents from the new share.
ASKER
On the Windows 2012 new share if i remove the Read and execute permission , will that work ?
Thanks
Thanks
can users login into the 2012 RDS session? Just making sure you are not overlooking things.
ask the same user to create a new file. Then look at the file ownership and then look at which groups the user is a member off including tested.
Something is being overlooked.
can you confirm how the share is being accessed?
This is a validation question.
User who can make changes.
you have a mix of local and domain based groups in the share. an error in local group entries could explain the issue.
since you do not use explicit denials. a user who is a member of the local student group and that group is a member of the administrators group, will not be limited by the students group rights, but extend the Administrators read/write.
Share effective permissions can not be run, but ntfs security permissions under advanced, effective permissions could answer your question if usera a member of the students group reflects full or has modify rights on the director/files....
ask the same user to create a new file. Then look at the file ownership and then look at which groups the user is a member off including tested.
Something is being overlooked.
can you confirm how the share is being accessed?
This is a validation question.
User who can make changes.
you have a mix of local and domain based groups in the share. an error in local group entries could explain the issue.
since you do not use explicit denials. a user who is a member of the local student group and that group is a member of the administrators group, will not be limited by the students group rights, but extend the Administrators read/write.
Share effective permissions can not be run, but ntfs security permissions under advanced, effective permissions could answer your question if usera a member of the students group reflects full or has modify rights on the director/files....
Try removing the share. What happens?
ASKER
Thanks for your help. I deleted all the folders and files in the share I created in windows 2012. I think I am going freshly start, means create the share again and assign permissions.
I may mostly post if help is required.
I may mostly post if help is required.
FYI...
Share permissions given to users should always be Change (not Full).
When you robocopy, use the /COPYALL or /COPY:DATS switch, which copies the permissions along with the files.
Share permissions given to users should always be Change (not Full).
When you robocopy, use the /COPYALL or /COPY:DATS switch, which copies the permissions along with the files.