Link to home
Start Free TrialLog in
Avatar of lianne143
lianne143Flag for United States of America

asked on

Copied the NTFS permission after setting up a new share - But the user permission not working as how required.

Hi 
 
We had a Window 2008 R2 server and we had a share and when user logs into the PCs, the share was getting mapped through GPO and the users were only being able to open files from this share and not able to edit and if required they were able to save the files home drives.

Now I have created a new share in Win 2012 and copied all the files from Window 2008R2 share to Windows 2012 share using robocopy.

I compared the permissions with Windows 2008 share and set the same permissions on windows 2012 share.
I have set the Windows 2012 share to map the drive using the GPO. When users log in the new share gets mapped.

But user are able to open files from the new share and edit and save files to this share, which I don’t want rather I would like user only  to:
  1. To view the file
  2. Should not be able to edit 
  3. Should not be able to save any files to the new share.
Please let me know if I have missed any permission level.
Also please see the attached snapshot of file permissions
Snapshot of file permissions .jpg 

Any help will be great  and Thanks in advance
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image

Are the share permissions also read/write or  full control? Shares have  both ntfs AND share permissions.

ASKER CERTIFIED SOLUTION
Avatar of arnold
arnold
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
But user are able to open files from the new share and edit and save files to this share,...

what user?  are they part of any group in the screenshot?
if they are in the students group, they would have read-only access since trying to write would be blocked at the share-level regardless if the file system allows it

seems details are a bit lacking

As mentioned, things don't match up...

Your pic shows Students have Read perms, which prevents writes, regardless of ntfs settings.
Avatar of lianne143

ASKER

I used Robocopy to copy files from Windows 2008 server to Windows 2012 Server share.

It is the student user  and the permissions are only for the students and they belong to students security group.
The should only be able to read the documents from the new share.
On the Windows 2012 new share if i remove the Read and execute permission , will that work ?
Thanks 
can users login into the 2012 RDS session? Just making sure you are not overlooking things.

ask the same user to create a new file. Then look at the file ownership and then look at which groups the user is a member off including tested.

Something is being overlooked.
can you confirm how the share is being accessed?

This is a validation question.
User who can make changes.
you have a mix of local and domain based groups in the share. an error in local group entries could explain the issue.
since you do not use explicit denials. a user who is a member of the local student group and that group is a member of the administrators group, will not be limited by the students group rights, but extend the Administrators read/write.

Share effective permissions can not be run, but ntfs security permissions under advanced, effective permissions could answer your question if usera a member of the students group reflects full or has modify rights on the director/files....
Try removing the share. What happens?
Thanks for your help. I deleted all the folders and files in the share I created in windows 2012. I think I am going freshly start, means create the share again and assign permissions.
I may mostly post if help is required.
FYI...

Share permissions given to users should always be Change (not Full).

When you robocopy, use the /COPYALL or /COPY:DATS switch, which copies the permissions along with the files.