Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Mapped permissions do not match local permissions

Status
Not open for further replies.
Teaorcoffee

Teaorcoffee

MIS
Sep 11, 2008
2
GB
This is a pretty odd problem, so maybe someone may have an idea why it might be happening. 1 share, and admin share. 1 local admin group (as per the norm), 3 domain groups, all admin groups. No normal user has access. Effective permissions on that share and subfolders say that a normal user has no rights. If I now map said share, a normal user has full control (as per effective permissions on that mapped share). The only way I can stop this happening is to remove the local admin group. This implies that a group ie the everyone groups is in that local admin group, which is not the case. I have setup a new share and tightened permissions and only added the local group, I have changed the share permissions to only allow auth users change rights. NTFS permissions are applied locally, where share permissions are applied when the drive is mapped. The more strict of the 2 overrides, so why does it look like the shared permissions are in control, yet the local admin groups is applying a less strict set of permissions. Perplexing...Any pointers or ideas would be glady received.
 
Sort by date Sort by votes
The more strict of the 2 overrides" only when the connection is made over network, if locally logged in the share permissions dont apply

can u explain a little more detailed

1 domain, several clients, 1 server?
1 share on the server, share permissions full control for auth. users, ntfs rights restrictions based on group membership? (best practice)?

what group has wich ntfs rights (effective), and has whom as a member?
in the domain, did u set up ou´s?
........?
 
Upvote 0 Downvote
Thank you, here is some more information.
1 Domain. The Share has 4 groups(NTFS permissions). 1 Local adminstrators group and 3 domain admin groups. The 3 admin groups are in different OU's. The share permissions are full control for AUTH users. The NTFS permissions are based on group memberships, there are only 3 domain and 1 local groups with access to this share, they all have full control (effective). No users outside of these groups have access, yet they seem to have full control. Members of the admin groups have full rights, but it appears users who are not part of this group also have full control.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
425
microsGuy16
microsGuy16
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
237
hairlessupportmonkey
hairlessupportmonkey
dpellegrini
  • Locked
  • Question
Website will load using hostname but not IP address
Replies
3
Views
837
mangentle
mangentle
ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
243
technome
technome
goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
722
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top