access denied on shared folder 1

[mquinn0908]

I have setup several shared folders (one for each of our departments) and the appropriate share gets mapped when the user logs on. The mappings work however I can not add, edit, delete any of the contents of the folder as I receive the "destination folder access denied - you need permission to perform this action" error message. I have given the appropriate users full control on the share and it still give me this error. Any ideas as to what I am missing?

Thank you.

Mandy
MCP/A+/Network+

 

[FaiTHLeSS]

Have you done the NTFS permissions to?

 

[mquinn0908]

Where are the NTFS permissions set at. I have gone into the properties of the folder and set the users in the security tab...is this where I would do that? Thank you.

Mandy
MCP/A+/Network+

 

[FaiTHLeSS]

Yes, thats where you will need to set the other permissions.

 

[mquinn0908]

That is what I thought and I have given the user full control over the folder.

Here is what the permissions are and other then the user all the others were what were already there:

CREATOR OWNER - special permissions
SYSTEM - full control, modify, read & execute, list folder contents, read, write
sjones (user acct) - full control
Administrators (servername\Administrators)- full control, modify, read & execute, list folder contents, read, write
Users (servername\Users) - read & execute, list folder contents, read & special permissions


Mandy
MCP/A+/Network+

 

[FaiTHLeSS]

What access did you give them at the share level?

 

[mquinn0908]

under file sharing these are the users and the permission level:

administrators - owner
Everyone - reader
LC_HWYadmin - co-owner

Mandy
MCP/A+/Network+

 

[FaiTHLeSS]

Ok im a bit confused about owner/co-owner/reader

On shares the permissions are Full Control, Change, Read

The user or the security group that is trying to access the share, will need at least "change" to be able to add/change/modify files else they will just get read permissions.

 

[mquinn0908]

sorry.

under the advanced sharing permissions this is what i have:

everyone - read
user acct - full control

Mandy
MCP/A+/Network+

 

[FaiTHLeSS]

and they can only read the files and cant do anything else?

If you have the done following:

Share Permissions - Users has Change or Full Control.

NTFS Permissions/ Security Tab - User has Modify or Full Control

Then the user should be able to change/delete/modify etc all files.

Also make sure that the permissions have inherited down the structure for the user permissions if you wish them to be able todo the above to any sub folders.

 

[mquinn0908]

okay after some testing this is what i have found. i was adding a group (with full control) to the permissions and the user i am signed on with is a part of that group and i can not add/remove/edit any contents of the shared folder. however, if i just add the user account (with full control) then i can add/remove/edit anything in the folder without a problem.

why can i not do this with the group as it will be a pain to always add/remove individual users from the share vs adding/removing a group?

Mandy
MCP/A+/Network+

 

[FaiTHLeSS]

Have you added the security group to both the share and ntfs security permissions?

Just like you would do with the user account.

 

[mquinn0908]

the share permissions are:

everyone: read
lc_swuser: full control

the ntfs security permissions are:

CREATOR OWNER - special permissions
SYSTEM - full control, modify, read & execute, list folder contents, read, write
lc_swuser (user group) - full control
Administrators (servername\Administrators)- full control, modify, read & execute, list folder contents, read, write
Users (servername\Users) - read & execute, list folder contents, read & special permissions

Mandy
MCP/A+/Network+

 

[technome]

Mandy

Share.......

" everyone: read
lc_swuser: full control "

Should be....
everyone: FULL !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

remove lc_swuser: full control NOT needed!!!!!!


The only share permission needed is Everyone: Full
System or Administrators is not needed !!!!!!!

NTFS permissions within the volume or share.....
authenticated user or everyone LIST (explained below)
System FULL
Administrators FULL
(sometimes, rarely, maybe also Network: Full if a particular program needs it)


For the NTFS, I only allow LIST for authenticated users/or everyone in the root of the share, so users below administrator status can not create folder/files in the root; otherwise the common user will create a trash dump on the root, which will quickly get out of hand, being very difficult to clean up.

Then I create each main directory,depending on the directory, I give permissions on the individual directories for particular groups. Generally the main directories on the root are restricted, I create sub directories and grant permissions with less restrictions to groups like authenticated users/everyone.

Last step, on highly restricted main directories on the root EG. \Boss, \Admins \Install, I remove all users except for administrators/bosses so common users can not even see the directories in combination with ABE.

Mark Minasi's Master Windows Server 200x series by Sybex explains permission well.

........................................
Chernobyl disaster..a must see pictorial

http://www.kiddofspeed.com/default.htm

 

[Titleist]

If you added a "Group" to the permissions the "User" will have to log off then log back on to get the new group membership....