Security – Win Server Security: Why do members of a group not get access when the Group has permission

Tags: groups, permissions, security, windows-server-2008

Environment: No Active Directory and no Domain Controller. Server is Win 2008

I have a directory with only ALLOW permissions set (no DENY permission) and no inherited permissions. I have two groups (Administrators and CoOwners) set to Full control. However, the members of that group are not able to view/modify the folder.

If I explicitly add the 'Administrator' with full permissions, for example, then that user can access/modify fine. Why isn't giving the GROUP permission giving the members of that group the access I would expect?

Any input/suggestions are appreciated.

Best Answer

At a guess, I would say that group membership hasn't been established yet.

When you establish an SMB connection with a server, that's when the server determines which groups you are a part of. Changes to group membership won't take effect until the SMB connection is reset. Use the whoami tool to verify this.

> whoami /groups

You can get a list of open sessions using the Share and Storage Management administrative tool, and you can even close an SMB session right there, which makes testing much faster.

Update: It is usually a good idea to only assign permissions at the NTFS level. Try changing your share permissions to allow "Full Control" for "Everyone" to eliminate one possible cause.
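
A scripted form of the `whoami /groups` check from the answer above, added here as an example and not part of the original answer. It compares each group's stored membership with the groups active in the current session's token. `Test-GroupInToken` is a hypothetical helper name, the default group names are the ones from the question, and it assumes local accounts on a standalone server; run it in the logon session being tested.

```powershell
# Added example. Test-GroupInToken is a hypothetical helper name.
# Assumes a standalone server with local accounts (no domain), as in the question.
function Test-GroupInToken {
    param([string[]]$GroupName = @('Administrators', 'CoOwners'))

    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    # Group SIDs enabled in this token; the list is fixed when the session is created.
    $tokenSids = @($identity.Groups | ForEach-Object { $_.Value })
    # Account name without the machine prefix, e.g. SERVER\bob -> bob
    $userName  = $identity.Name.Split('\')[-1]

    foreach ($name in $GroupName) {
        # Resolve the local group name to its SID.
        $account = New-Object System.Security.Principal.NTAccount($name)
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value

        # Direct members as stored on the server right now (WinNT ADSI provider).
        $group   = [ADSI]"WinNT://$env:COMPUTERNAME/$name,group"
        $members = @($group.psbase.Invoke('Members') | ForEach-Object {
            $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
        })

        $stored  = $members -contains $userName
        $inToken = $tokenSids -contains $sid

        if ($stored -and -not $inToken) {
            $status = 'Member, but group not active in this session: log off/on or reset the session'
        } elseif ($inToken) {
            $status = 'Group is active in this session'
        } else {
            $status = 'Not a member of this group'
        }

        New-Object PSObject -Property @{
            Group = $name; Sid = $sid; StoredMember = $stored; InToken = $inToken; Status = $status
        } | Select-Object Group, Sid, StoredMember, InToken, Status
    }
}

Test-GroupInToken | Format-Table -AutoSize
```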