Quantcast
Viewing all articles
Browse latest Browse all 1766

Local group overrides NTFS

I have to admit, I'm a little lost here.  And I'm not sure if this is a permission issue or a group policy issue.  Here's the story:  I have volume that I've shared and given full share rights to the Authenticated Users group,  the Domain Admins group, and the Domain Users group.  NTFS rights show full access to the Domain Admins group and SYSTEM user.  I also show the CREATOR OWNER user has full access as well, but only applied to subfolders and files.  I've also got an test group with the List Folder / read data and the Read attributes permissions applied to the folder only.

Next, I have several folders inside this shared volume which inherits its rights from the parent.  Each of these folders represents a different department (accounting, sales, support, etc).  For each of these, I've created a custom group and granted full control to the corresponding folder.

So far, this seems to work great.  If I login with a user in my accounting group they will see the accounting folder, but not the sales and support folders. 

Now my issue:  I need my support staff to be able to change their workstations network settings.  So by way of group policy, I've set all support users up to be inside the BUILTIN\Network Configuration Operators group of the local workstation.  Now, when I login at the workstation with a user within the support group I can access all directories under my share. 


Viewing all articles
Browse latest Browse all 1766

Trending Articles