Results 1 to 4 of 4

Thread: NTFS ACL and user groups

  1. #1
    Junior Member
    Join Date
    Nov 2005
    Posts
    19

    Post NTFS ACL and user groups

    Hi
    Can say whether this is the right forum for this question, as this question might come more into AD issues than microsoft security but still i m sure i will get the answer that's why am putting it in here as well.

    I got shared folders and have puti n DFS.
    Am running Win2k3 SP1 and domain functional level is the highest, i.e. windows 2003
    Have created security groups in the AD, and have added some users to the groups.
    Now wht i had wanted was to give access to the shared folders to specific groups. By default the sharing permission is everyone read only. I have tried few options to achieve :
    1) removed everyone and added the the security groups and the NTFS acl's are default.
    2) Also tried with keeping everyone in the shares permission with read and change permission, and in NTFS permissions removed the inheritance and added the security groups with full permissions.

    What i wanted is that only specific users get access to specific folders, but using groups i m not able to achieve this. I even changed the groups to universal, global, and domain local, but nothing is helping.

    If i add a particular user to the permissions then that user can access that folder, but if the group is added and that user is part of that group then he get access denied.

    Where are the permissions conflicting, i just dont know. Or is it that shares through DFS have got some issues with permissions.

    Any suggestions or any links to read further on permissions, would be very helpful.

    Thanks
    You can close your eyes to what you donot want to see,
    But you cannot close your heart to what you donot want to feel.

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    AFAIK...at the share level users need full control....then you can use the security tab (file and folder permissions)and further define what the users\ groups and do

    instead of the Everyone group you can use Authenticated Users

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    Junior Member
    Join Date
    Nov 2005
    Posts
    19
    This has worked, thanks a lot.
    But then does everyone doesnot include authenticated users
    You can close your eyes to what you donot want to see,
    But you cannot close your heart to what you donot want to feel.

  4. #4
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Everyone ...means EVERYONE

    Authenticated included..

    Although Authenicated doesnt include Everyone

    Authenticated is users with a username and password.

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •