Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Permission problems in windows 2000

Status
Not open for further replies.
ClowneUser

ClowneUser

MIS
Oct 12, 2005
204
GB
Hi,

We've got a really strange problem here, it seems to have happened since we came back from the christmas holidays...

Here's the problem:

certain users/groups cannot gain access to certain shares, they get access denied.

I've checked and users do have full access to both the share permissions and the ntfs permissions, but still get access denied.

I've done a bit of digging and it seems users can gain access to shares that are created in the root and users have permissions from the root down...

but if the share is created in a directory that they dont have permission to but have full access to both the share and ntfs permissions then they get access denied.

so it looks to me that security is screwed somewhere but im not sure where.

I tried creating a new subdirectory and gave users full permission, but still they get access denied.

Has anyone came across this problem before or know how we might solve this?

Thanks in advance.

Mick.
 
Sort by date Sort by votes
So let's get this straight, if you create a share on a subdirectory where the user has no access to the parent directory then this is by design. A user must have at minimum list access to the parent folder in order to allow them to "drill" down to the subdir where you have created your share.
Ex)
C:\subdir1 --> Everyone (L)ist
|
---- subdir2 (where your share is created) Everyone R+W+M

This is why it prob works at the root level since users usually have this access at the root of a drive. Hope this helps.
 
Upvote 0 Downvote
Hi Thanks for your reply.

I don't think that is correct.. if you create a share in a subdirectory the user doesn't need access to the parent directory to access the share thats why you give share permissions as well as ntfs permissions...

but i did find what the problem was...

in active directory someone had changed the bypass traverse checking setting ( at domain level) to be just administrator, when it needed to be everyone, as soon as i had changed this back it worked fine.

Thanks again for replying.

Mick.
 
Upvote 0 Downvote
Mick you are correct if bypass traverse checking is enabled this is not a requirement, but if it is disabled, then your other option was to provide min list access at the higher levels. Glad you got it solved.

Regards
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
676
Aquiles Vidal
Aquiles Vidal
ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
1K
gbaughma
gbaughma
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
893
suncit
suncit
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
531
antonio_dsanchez
antonio_dsanchez
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
1K
gbaughma
gbaughma

Part and Inventory Search

Sponsor

Back
Top