Windows 2003 Security/Permissions

G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Windows 2003 Server (Standard)

I have a share called COMMON & a security group called CORPORATE; I have
given corporate full security & permission to the common folder but users in
the corporate group are not able to put anything in common. If I give
individual users full security & permission it works fine.

Is there a basic rule for permissions & groups (security & distribution)? I
had it setup the same on my Windows 2000 server & it was fine.

Thanks for your help.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

It almost sounds like either the group used, Corporate, is new,
or the user's membership in it is new, well, at least more recent
than their last login.
Group memberships for a login session are fixed at what exists
for an account at the time when it logs in.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"markmidwest" <markmidwest@discussions.microsoft.com> wrote in message
news:618B015F-679F-4564-9BA6-2494EBADFC4D@microsoft.com...
> Windows 2003 Server (Standard)
>
> I have a share called COMMON & a security group called CORPORATE; I have
> given corporate full security & permission to the common folder but users
in
> the corporate group are not able to put anything in common. If I give
> individual users full security & permission it works fine.
>
> Is there a basic rule for permissions & groups (security & distribution)?
I
> had it setup the same on my Windows 2000 server & it was fine.
>
> Thanks for your help.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Thank you for your reply.

I have been trying different combinations & think I found something I'm
doing wrong. The directory is D:\Users\Common; I have a share for Users &
another for Common. If I map directly to the share Common I have full
access. If I map a drive to the share Users & then navigate to Common I can
only Read; it's using the rights from the User share. Is it bad to have a
share within a share? My idea was to map S: to the Common share & then U: to
users. Maybe I need to change my directory scheme?

Thanks again.

"Roger Abell" wrote:

> It almost sounds like either the group used, Corporate, is new,
> or the user's membership in it is new, well, at least more recent
> than their last login.
> Group memberships for a login session are fixed at what exists
> for an account at the time when it logs in.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "markmidwest" <markmidwest@discussions.microsoft.com> wrote in message
> news:618B015F-679F-4564-9BA6-2494EBADFC4D@microsoft.com...
> > Windows 2003 Server (Standard)
> >
> > I have a share called COMMON & a security group called CORPORATE; I have
> > given corporate full security & permission to the common folder but users
> in
> > the corporate group are not able to put anything in common. If I give
> > individual users full security & permission it works fine.
> >
> > Is there a basic rule for permissions & groups (security & distribution)?
> I
> > had it setup the same on my Windows 2000 server & it was fine.
> >
> > Thanks for your help.
>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Only security groups can be given permissions to shares/folders. Make sure
that the group CORPORATE has change permissions to the share and at least
read/list/write ntfs permissions to the folder itself. For network users
their access to the share is the most restrictive of share or ntfs
permissions. The link below may help. --- Steve

http://support.microsoft.com/?id=301195

"markmidwest" <markmidwest@discussions.microsoft.com> wrote in message
news:618B015F-679F-4564-9BA6-2494EBADFC4D@microsoft.com...
> Windows 2003 Server (Standard)
>
> I have a share called COMMON & a security group called CORPORATE; I have
> given corporate full security & permission to the common folder but users
> in
> the corporate group are not able to put anything in common. If I give
> individual users full security & permission it works fine.
>
> Is there a basic rule for permissions & groups (security & distribution)?
> I
> had it setup the same on my Windows 2000 server & it was fine.
>
> Thanks for your help.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

It is not bad, but it can be confusing.
In this case there are two ways to get to the Common folder,
via the direct share at Common, or via the share at Users.
The share level permissions will always limit the allowed
effective NTFS permissions that can be exercised over the
network. So, if the two share have different share level
permissions then confusion may result.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"markmidwest" <markmidwest@discussions.microsoft.com> wrote in message
news:B43C10FF-6586-45D5-BA03-02E669CA44EC@microsoft.com...
> Thank you for your reply.
>
> I have been trying different combinations & think I found something I'm
> doing wrong. The directory is D:\Users\Common; I have a share for Users &
> another for Common. If I map directly to the share Common I have full
> access. If I map a drive to the share Users & then navigate to Common I
can
> only Read; it's using the rights from the User share. Is it bad to have a
> share within a share? My idea was to map S: to the Common share & then U:
to
> users. Maybe I need to change my directory scheme?
>
> Thanks again.
>
> "Roger Abell" wrote:
>
> > It almost sounds like either the group used, Corporate, is new,
> > or the user's membership in it is new, well, at least more recent
> > than their last login.
> > Group memberships for a login session are fixed at what exists
> > for an account at the time when it logs in.
> >
> > --
> > Roger Abell
> > Microsoft MVP (Windows Security)
> > MCSE (W2k3,W2k,Nt4) MCDBA
> > "markmidwest" <markmidwest@discussions.microsoft.com> wrote in message
> > news:618B015F-679F-4564-9BA6-2494EBADFC4D@microsoft.com...
> > > Windows 2003 Server (Standard)
> > >
> > > I have a share called COMMON & a security group called CORPORATE; I
have
> > > given corporate full security & permission to the common folder but
users
> > in
> > > the corporate group are not able to put anything in common. If I give
> > > individual users full security & permission it works fine.
> > >
> > > Is there a basic rule for permissions & groups (security &
distribution)?
> > I
> > > had it setup the same on my Windows 2000 server & it was fine.
> > >
> > > Thanks for your help.
> >
> >
> >