October 18th, 2006, 02:44 PM
NTFS ACL and user groups
Can say whether this is the right forum for this question, as this question might come more into AD issues than microsoft security but still i m sure i will get the answer that's why am putting it in here as well.
I got shared folders and have puti n DFS.
Am running Win2k3 SP1 and domain functional level is the highest, i.e. windows 2003
Have created security groups in the AD, and have added some users to the groups.
Now wht i had wanted was to give access to the shared folders to specific groups. By default the sharing permission is everyone read only. I have tried few options to achieve :
1) removed everyone and added the the security groups and the NTFS acl's are default.
2) Also tried with keeping everyone in the shares permission with read and change permission, and in NTFS permissions removed the inheritance and added the security groups with full permissions.
What i wanted is that only specific users get access to specific folders, but using groups i m not able to achieve this. I even changed the groups to universal, global, and domain local, but nothing is helping.
If i add a particular user to the permissions then that user can access that folder, but if the group is added and that user is part of that group then he get access denied.
Where are the permissions conflicting, i just dont know. Or is it that shares through DFS have got some issues with permissions.
Any suggestions or any links to read further on permissions, would be very helpful.
You can close your eyes to what you donot want to see,
But you cannot close your heart to what you donot want to feel.