Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Folder Secutity

Status
Not open for further replies.
speaktek

speaktek

Programmer
Dec 7, 2002
152
US
Regarding folder Security:
I setup Global Security Group: Accounting
I assigned user to this Group (Karen)
I assigned this Group to the Accounting Folder.

Karen cannot access folder…?
If I assign Karen to the folder directly, she had access…?

Any thoughts? I’d prefer to manage with Groups…
 
Sort by date Sort by votes
Hmmmm....I went back to check settings again, and the 'Group' associated to the folder was replaced with '?' (Some numeric info/address or something).

I removed this bogus entry, and reselcted the Group, and now it works...?
 
Upvote 0 Downvote
That bogus number you saw was probably the SID (security Identifier that every object in Active Directory receives)
 
Upvote 0 Downvote
Any idea what happened there? Originally when I set it up, it was fine...?

Thanks for the reply!
 
Upvote 0 Downvote
I'm guessing that you:
1) setup Global Security Group: Accounting
2) assigned this Group to the Accounting Folder
3) deleted Accounting security group
4) re-created Accounting security group
5) assigned user to this Group (Karen)

The group you initially given permission to the Accounting folder will not be the same as the one you re-created, even though you have given them the same name.
Windows actually identifies the group by its SID (the "?" that you saw), and when you re-create the group, the new group created will have a different SID.
While the initial group was deleted, it's no longer been recongized as "Accounting", therefore you see its SID listed instead of "Accounting".
 
Upvote 0 Downvote
Outstanding! As a matter of fact...the initial implementation did not work, so I did delete/re-create it. It finally worked upon another delete/create.

Thanks Again!

 
Upvote 0 Downvote
One additional comment here. To make this work, the user has to log off and log back in after getting assigned to a group. During the logon process the "security token" that is given to the user by the DC contains group membership. That token is not refreshed until the next logon. If you have multiple DC's you must wait until DC that is local to the user has replicated with the DC where the group membership was changed before logging the user off and on.

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

sburgess73
  • Locked
  • Question
MSIPCCache Folder
Replies
0
Views
257
sburgess73
sburgess73
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
382
hairlessupportmonkey
hairlessupportmonkey
StevenFromSouth
  • Locked
  • Question
VPN Connects but cannot access remote network computers or folders
Replies
1
Views
347
StevenFromSouth
StevenFromSouth
Dave60608
  • Locked
  • Question
Accessing shared folders via a network
Replies
5
Views
684
strongm
strongm
juliog
  • Locked
  • Question
Unable to get Server 2019 GPO Redirected Folders to Work on Windows 7
Replies
1
Views
317
tacohunter
tacohunter

Part and Inventory Search

Sponsor

Back
Top