ClassicMixup All American 3877 Posts user info edit post |
Not sure if the title is 100% accurate.
Summary: -Requested a network drive on one of the national office servers -Access to network drive to be managed through a newly created Windows AD group -Network drive and AD group created -Needed to restrict access of AD group to read & execute. Was added as a user with full control to the network drive security list. Security list is currently: AD Group (modify), me (full control), Admin (full control) - this last one is managed by the IT Infrastructure guys.
Issue: -As a user with full control, I'm unable to change security permissions. Says access denied. Tried the standard log off/on. Reconnect network drive.
Why?
[Edited on November 15, 2012 at 3:32 PM. Reason : .] 11/15/2012 3:30:26 PM |
Shaggy All American 17820 Posts user info edit post |
if you're setting the security remotely (meaning you're accessing the network share via explorer and looking at folder security) then it may be that they forgot to give you full control at the share level. Forgetting to set the share permissions is like the #1 network share config mistake so thats probably what it is.
there are 2 levels of effective share permissions in windows NT. The NTFS permissions (which you're talking about) and the share permissions. share permissions are a backwards compatibility thing left over from the fat32 days. these permissions filter access before the ntfs permissions are applied, but they do not override them.
So if you have read access at the share level and full control at the ntfs level you get read access. if you have read access at the share level and NO access at the ntfs level, you get no access. in your case you want to have full control on the share level(which is probably missing) AND full control at the NTFS level (which you already have).
In reality NTFS permissions are always a better way to manage permissions so at the share level the special Everyone object should have Full Control. Theres no downside to this since the NTFS permissions will still be applied. Meaning that if you give Everyone full control at the share level, they will still be restricted by what they have at the NTFS level. If they're Full Control at the share level and no access at the ntfs level then the result is they have no access.
If share permissions are the problem, then whoever set this up proably either A) overlooked the share permissions or B) mistakenly believes giving everyone full access will override the ntfs permissions.
Sounds like a classic permissions mixup
[Edited on November 15, 2012 at 4:16 PM. Reason : f] 11/15/2012 4:13:40 PM |