File Share Permissions Stumper

We have a Windows 2008 R2 File server. When we share folders we give Everyone Read, Change and Full Control share permissions and then use NTFS permissions to place restrictions.

We discovered a shared folder in which the Domain Users group has Read, List Folder Contents and Read & Execute NTFS permissions. However we discovered that our users can write to that folder. I checked Effective permissions and found that the Domain Users group only had Read, List Folder Contents and Read & Execute permissions, however when I check an individual user they indeed have write effective permissions. The users are not in any other groups that have any permissions on that share. So I am stumped, how does a group have read only permissions but the users in that group have write permissions?



Is it possible the users are indirectly members of a local group that has access to the folders?

See https://technet.microsoft.com/en-us/library/cc772184.aspx to see exactly how effective permissions are determined.

Perhaps "Users" (local group) has write access and Domain Users is a member of Users?



Is it possible the users are indirectly members of a local group that has access to the folders?

See https://technet.microsoft.com/en-us/library/cc772184.aspx to see exactly how effective permissions are determined.

Perhaps "Users" (local group) has write access and Domain Users is a member of Users?



Do you have "inherited permissions" enabled on the folder--if you do remove them and apply on the permissions you want on that shared folder.



We don't have any local groups on that server that contain domain users.

I unshared the folder, reset the NTFS permisions, then shared it again and it seems back to normal.



Okay, I apologize to Matt. Upon re-examination domain users were in a local server group with write permissions.



Share this

Related Posts

There was an error in this gadget