We have a new 2008 Server setup to replace an Apple OSX server. Our first Windows file server in years so bear with me.
I have a share created and gave read access to the department using it. The Data folder below that gives the department R/W access to everything. There are only 2 special access folders, on which I turned off 'Include Inherited Permissions from this objects parent' and removed the department from the list. Then I added an Active Directory group and gave them R/W.
At this point my test account could browse the whole Data structure, but not see the special access folders. Good. Then I added my test account to that AD group to verify access. But it doesn't work - I couldn't get in. I needed to log off the client machine (disconnecting and reconnecting the share didn't help), and upon logging back in and reconnecting to the share I could see the secured folders. Removing the test user from the AD group had the same problem. I could access the folder for hours after, until I tried logging in and out to 'fix' the problem.
I tried gpupdate on client and server to no avail. And the Effective Permissions tab shows the expected rights, but the client doesn't seem to care. Seems weird to have to log off of the client for security on the server to take affect.
Server is 2008 SP1, client is XP Pro SP2.
What am I missing?
J
I have a share created and gave read access to the department using it. The Data folder below that gives the department R/W access to everything. There are only 2 special access folders, on which I turned off 'Include Inherited Permissions from this objects parent' and removed the department from the list. Then I added an Active Directory group and gave them R/W.
At this point my test account could browse the whole Data structure, but not see the special access folders. Good. Then I added my test account to that AD group to verify access. But it doesn't work - I couldn't get in. I needed to log off the client machine (disconnecting and reconnecting the share didn't help), and upon logging back in and reconnecting to the share I could see the secured folders. Removing the test user from the AD group had the same problem. I could access the folder for hours after, until I tried logging in and out to 'fix' the problem.
I tried gpupdate on client and server to no avail. And the Effective Permissions tab shows the expected rights, but the client doesn't seem to care. Seems weird to have to log off of the client for security on the server to take affect.
Server is 2008 SP1, client is XP Pro SP2.
What am I missing?
J