Questions

Share/NTFS permissions SBS2008

Tags:
+
0 Votes
Locked

Share/NTFS permissions SBS2008

barnesm6
I seem to have an issue with user access to shared folders on my server, I thought I'd set everything correct but I must be missing something or not fully understanding how the share and NTFS permissions work.

We have a single root folder on D:\Shared.
Within this folder are around 30 sub-folders, some all users require access to, some must only be accessed by directors and some only by the folder owner.
I set all the NTFS permissions prior to sharing the folders. The root folder 'Shared' is set to allow all users in WCUsers (this is all general staff) & Directors change permission then I used NTFS to lock down permissions to selected folders, for example the 'Board' folder has 'WCUsers' & 'Restricted Access' groups set to deny full control so no-one in these groups should have access (by the way none of the directors are part of this group), the 'Directors' group then has change permission to the 'Board' folder.

A security group called 'Restricted Access' has a single user (new staff) who only has access to one folder in the Shared directory (in theory)

When I check 'Effective Permissions' everything looks fine until I actually share the folder. I set the share permissions to allow the WCUsers and Directors 'change' and the Restricted access group 'read'.

I then VPN into the server and use random user accounts to log on and test folder access, first no-one could access anything until I added the Authenticated Users group to the share permissions and gave that 'Read' access. Checking it again gets me into the shared folder, but now everyone seems to be able to access any folder and file they want without any restriction.

I'm stumped.