Windows 2003 Security/Permissions
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.security (More info?)
Windows 2003 Server (Standard)
I have a share called COMMON & a security group called CORPORATE; I have
given corporate full security & permission to the common folder but users in
the corporate group are not able to put anything in common. If I give
individual users full security & permission it works fine.
Is there a basic rule for permissions & groups (security & distribution)? I
had it setup the same on my Windows 2000 server & it was fine.
Thanks for your help.
Windows 2003 Server (Standard)
I have a share called COMMON & a security group called CORPORATE; I have
given corporate full security & permission to the common folder but users in
the corporate group are not able to put anything in common. If I give
individual users full security & permission it works fine.
Is there a basic rule for permissions & groups (security & distribution)? I
had it setup the same on my Windows 2000 server & it was fine.
Thanks for your help.
More about : windows 2003 security permissions
Archived from groups: microsoft.public.win2000.security (More info?)
It almost sounds like either the group used, Corporate, is new,
or the user's membership in it is new, well, at least more recent
than their last login.
Group memberships for a login session are fixed at what exists
for an account at the time when it logs in.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"markmidwest" <markmidwest@discussions.microsoft.com> wrote in message
news:618B015F-679F-4564-9BA6-2494EBADFC4D@microsoft.com...
> Windows 2003 Server (Standard)
>
> I have a share called COMMON & a security group called CORPORATE; I have
> given corporate full security & permission to the common folder but users
in
> the corporate group are not able to put anything in common. If I give
> individual users full security & permission it works fine.
>
> Is there a basic rule for permissions & groups (security & distribution)?
I
> had it setup the same on my Windows 2000 server & it was fine.
>
> Thanks for your help.
It almost sounds like either the group used, Corporate, is new,
or the user's membership in it is new, well, at least more recent
than their last login.
Group memberships for a login session are fixed at what exists
for an account at the time when it logs in.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"markmidwest" <markmidwest@discussions.microsoft.com> wrote in message
news:618B015F-679F-4564-9BA6-2494EBADFC4D@microsoft.com...
> Windows 2003 Server (Standard)
>
> I have a share called COMMON & a security group called CORPORATE; I have
> given corporate full security & permission to the common folder but users
in
> the corporate group are not able to put anything in common. If I give
> individual users full security & permission it works fine.
>
> Is there a basic rule for permissions & groups (security & distribution)?
I
> had it setup the same on my Windows 2000 server & it was fine.
>
> Thanks for your help.
Archived from groups: microsoft.public.win2000.security (More info?)
Thank you for your reply.
I have been trying different combinations & think I found something I'm
doing wrong. The directory is D:\Users\Common; I have a share for Users &
another for Common. If I map directly to the share Common I have full
access. If I map a drive to the share Users & then navigate to Common I can
only Read; it's using the rights from the User share. Is it bad to have a
share within a share? My idea was to map S: to the Common share & then U: to
users. Maybe I need to change my directory scheme?
Thanks again.
"Roger Abell" wrote:
> It almost sounds like either the group used, Corporate, is new,
> or the user's membership in it is new, well, at least more recent
> than their last login.
> Group memberships for a login session are fixed at what exists
> for an account at the time when it logs in.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "markmidwest" <markmidwest@discussions.microsoft.com> wrote in message
> news:618B015F-679F-4564-9BA6-2494EBADFC4D@microsoft.com...
> > Windows 2003 Server (Standard)
> >
> > I have a share called COMMON & a security group called CORPORATE; I have
> > given corporate full security & permission to the common folder but users
> in
> > the corporate group are not able to put anything in common. If I give
> > individual users full security & permission it works fine.
> >
> > Is there a basic rule for permissions & groups (security & distribution)?
> I
> > had it setup the same on my Windows 2000 server & it was fine.
> >
> > Thanks for your help.
>
>
>
Thank you for your reply.
I have been trying different combinations & think I found something I'm
doing wrong. The directory is D:\Users\Common; I have a share for Users &
another for Common. If I map directly to the share Common I have full
access. If I map a drive to the share Users & then navigate to Common I can
only Read; it's using the rights from the User share. Is it bad to have a
share within a share? My idea was to map S: to the Common share & then U: to
users. Maybe I need to change my directory scheme?
Thanks again.
"Roger Abell" wrote:
> It almost sounds like either the group used, Corporate, is new,
> or the user's membership in it is new, well, at least more recent
> than their last login.
> Group memberships for a login session are fixed at what exists
> for an account at the time when it logs in.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "markmidwest" <markmidwest@discussions.microsoft.com> wrote in message
> news:618B015F-679F-4564-9BA6-2494EBADFC4D@microsoft.com...
> > Windows 2003 Server (Standard)
> >
> > I have a share called COMMON & a security group called CORPORATE; I have
> > given corporate full security & permission to the common folder but users
> in
> > the corporate group are not able to put anything in common. If I give
> > individual users full security & permission it works fine.
> >
> > Is there a basic rule for permissions & groups (security & distribution)?
> I
> > had it setup the same on my Windows 2000 server & it was fine.
> >
> > Thanks for your help.
>
>
>
Archived from groups: microsoft.public.win2000.security (More info?)
Only security groups can be given permissions to shares/folders. Make sure
that the group CORPORATE has change permissions to the share and at least
read/list/write ntfs permissions to the folder itself. For network users
their access to the share is the most restrictive of share or ntfs
permissions. The link below may help. --- Steve
http://support.microsoft.com/?id=301195
"markmidwest" <markmidwest@discussions.microsoft.com> wrote in message
news:618B015F-679F-4564-9BA6-2494EBADFC4D@microsoft.com...
> Windows 2003 Server (Standard)
>
> I have a share called COMMON & a security group called CORPORATE; I have
> given corporate full security & permission to the common folder but users
> in
> the corporate group are not able to put anything in common. If I give
> individual users full security & permission it works fine.
>
> Is there a basic rule for permissions & groups (security & distribution)?
> I
> had it setup the same on my Windows 2000 server & it was fine.
>
> Thanks for your help.
Only security groups can be given permissions to shares/folders. Make sure
that the group CORPORATE has change permissions to the share and at least
read/list/write ntfs permissions to the folder itself. For network users
their access to the share is the most restrictive of share or ntfs
permissions. The link below may help. --- Steve
http://support.microsoft.com/?id=301195
"markmidwest" <markmidwest@discussions.microsoft.com> wrote in message
news:618B015F-679F-4564-9BA6-2494EBADFC4D@microsoft.com...
> Windows 2003 Server (Standard)
>
> I have a share called COMMON & a security group called CORPORATE; I have
> given corporate full security & permission to the common folder but users
> in
> the corporate group are not able to put anything in common. If I give
> individual users full security & permission it works fine.
>
> Is there a basic rule for permissions & groups (security & distribution)?
> I
> had it setup the same on my Windows 2000 server & it was fine.
>
> Thanks for your help.
Archived from groups: microsoft.public.win2000.security (More info?)
It is not bad, but it can be confusing.
In this case there are two ways to get to the Common folder,
via the direct share at Common, or via the share at Users.
The share level permissions will always limit the allowed
effective NTFS permissions that can be exercised over the
network. So, if the two share have different share level
permissions then confusion may result.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"markmidwest" <markmidwest@discussions.microsoft.com> wrote in message
news:B43C10FF-6586-45D5-BA03-02E669CA44EC@microsoft.com...
> Thank you for your reply.
>
> I have been trying different combinations & think I found something I'm
> doing wrong. The directory is D:\Users\Common; I have a share for Users &
> another for Common. If I map directly to the share Common I have full
> access. If I map a drive to the share Users & then navigate to Common I
can
> only Read; it's using the rights from the User share. Is it bad to have a
> share within a share? My idea was to map S: to the Common share & then U:
to
> users. Maybe I need to change my directory scheme?
>
> Thanks again.
>
> "Roger Abell" wrote:
>
> > It almost sounds like either the group used, Corporate, is new,
> > or the user's membership in it is new, well, at least more recent
> > than their last login.
> > Group memberships for a login session are fixed at what exists
> > for an account at the time when it logs in.
> >
> > --
> > Roger Abell
> > Microsoft MVP (Windows Security)
> > MCSE (W2k3,W2k,Nt4) MCDBA
> > "markmidwest" <markmidwest@discussions.microsoft.com> wrote in message
> > news:618B015F-679F-4564-9BA6-2494EBADFC4D@microsoft.com...
> > > Windows 2003 Server (Standard)
> > >
> > > I have a share called COMMON & a security group called CORPORATE; I
have
> > > given corporate full security & permission to the common folder but
users
> > in
> > > the corporate group are not able to put anything in common. If I give
> > > individual users full security & permission it works fine.
> > >
> > > Is there a basic rule for permissions & groups (security &
distribution)?
> > I
> > > had it setup the same on my Windows 2000 server & it was fine.
> > >
> > > Thanks for your help.
> >
> >
> >
It is not bad, but it can be confusing.
In this case there are two ways to get to the Common folder,
via the direct share at Common, or via the share at Users.
The share level permissions will always limit the allowed
effective NTFS permissions that can be exercised over the
network. So, if the two share have different share level
permissions then confusion may result.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"markmidwest" <markmidwest@discussions.microsoft.com> wrote in message
news:B43C10FF-6586-45D5-BA03-02E669CA44EC@microsoft.com...
> Thank you for your reply.
>
> I have been trying different combinations & think I found something I'm
> doing wrong. The directory is D:\Users\Common; I have a share for Users &
> another for Common. If I map directly to the share Common I have full
> access. If I map a drive to the share Users & then navigate to Common I
can
> only Read; it's using the rights from the User share. Is it bad to have a
> share within a share? My idea was to map S: to the Common share & then U:
to
> users. Maybe I need to change my directory scheme?
>
> Thanks again.
>
> "Roger Abell" wrote:
>
> > It almost sounds like either the group used, Corporate, is new,
> > or the user's membership in it is new, well, at least more recent
> > than their last login.
> > Group memberships for a login session are fixed at what exists
> > for an account at the time when it logs in.
> >
> > --
> > Roger Abell
> > Microsoft MVP (Windows Security)
> > MCSE (W2k3,W2k,Nt4) MCDBA
> > "markmidwest" <markmidwest@discussions.microsoft.com> wrote in message
> > news:618B015F-679F-4564-9BA6-2494EBADFC4D@microsoft.com...
> > > Windows 2003 Server (Standard)
> > >
> > > I have a share called COMMON & a security group called CORPORATE; I
have
> > > given corporate full security & permission to the common folder but
users
> > in
> > > the corporate group are not able to put anything in common. If I give
> > > individual users full security & permission it works fine.
> > >
> > > Is there a basic rule for permissions & groups (security &
distribution)?
> > I
> > > had it setup the same on my Windows 2000 server & it was fine.
> > >
> > > Thanks for your help.
> >
> >
> >
Related ressources:
- ForumFolder Security/Permissions
- ForumIIS Help
- ForumHow to delete an old " Windows " Folder from the 2nd hdd?
- ForumWindows 7 same problems different dollar...
- Forumremote editing of HKCU under Windows NT 4.0
- ForumHow to detect hard disk actual size windows server 2003
- ForumWindows 98 client to windows 2003
- ForumNew Install
- ForumInstall outlook express 2003 windows 7
- ForumWord 2003 files slow to open on Windows 7 over SBS 2003 network
- ForumI still want to use Front Page 2003 with Windows 7
- ForumFree antivirus software for windows server 2003
- ForumRaid 5 configuration step by step in windows 2003
- ForumI need a Tool to reset all the NTFS folder and file permis..
- ForumAccess this computer from the network problem
- Forum[Solved] Is microsoft office 2003 Compatible with Windows 7
- ForumWill Microsoft Office outlook 2003 run on windows 7
- ForumWindows Server 2003 with 3 Network Cards
- ForumParallel and com ports not appearing in device manager
- ForumVB Scripting User Permissions on Folders
- More resources
!
