0

I created a shared folder on a Windows Server 2003 Machine, and tried accessing it from a remote Windows 7 machine. The user is part of the AD, and the sharing permissions are 'Modify' to everyone. I added the user to a Domain Local group and gave the group NTFS 'Modify' Permission on the folder - the user can't edit content. But when I specifically added the user to the NTFS permissions and gave him 'Modify' - the user could change the content. The group has no other permissions delegating to it. Also I checked the effective permissions on the user when the group had the permissions and he had 'Modify' delegated to him.

I checked with senior admin but he has no idea.

Dean
  • 1,009
  • 3
  • 10
  • 19
  • You should be able to add the users group to the share then security settings allow authenticated users/domain users change/modify – Branden May 23 '11 at 05:30

2 Answers2

1

I normally see this issue when one step has been overlooked. After adding the user to the domain (or any other) group the user must log off and back on again before the group membership will take effect.

John Gardeniers
  • 27,458
  • 12
  • 55
  • 109
1

I'm in agreement with John that the user has not likely logged off yet. The user's combined Share and NTFS permissions are MODFIY, so that should not be the problem. You can verify if the user has the new group in their security token by running gpresult /r and checking if the domain local group appears.

HostBits
  • 11,796
  • 1
  • 25
  • 39