question

AndreaVironda-1776 avatar image
0 Votes"
AndreaVironda-1776 asked FanFan-MSFT commented

Problem sharing a folder

Good morning sirs!
I created a folder in my WS2019 and I notice the owner is the group "administrators". Ok nice, so I created 2 users and put them under that group.

Now if I try to access the folder I can't, but if I create another group and I share the folder with it, I can successfully access.
Am I doing anything wrong?
81819-screenshot-2021-03-26-102749.jpg


windows-server-2016
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,
If there are any progress welcome to share here!
Any one who has experience on this will be appreciated to share here too!

Best Regards,

0 Votes 0 ·
MotoX80 avatar image
0 Votes"
MotoX80 answered AndreaVironda-1776 commented

I prefer to use the advanced sharing button to manage the share permissions, and the security tab to manage manage NTFS permissions.

In a server environment I would recommend using groups (local or Active Directory) wherever possible. That way you can organize access by role using meaningful names. For example AccountingTeam-Update, AccountingTeam-ReadOnly, Engineering-Update, and Engineering-ReadOnly.

When an employee leaves the company and his AD account is deleted then I don't have dead SID's all over my file system.

Review a user's access with the Effective Access tab.

82048-capture.jpg


81987-capture1.jpg


82082-capture2.jpg



capture.jpg (70.0 KiB)
capture1.jpg (40.0 KiB)
capture2.jpg (87.1 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

It could be a way,
But how to do when a single user need to access a folder that is not usually under it's control? For example a people of our purchase office also follow sales, but the other purchase guy doesn't.

Why are there 2 kind of permission (share and NTFS)?

0 Votes 0 ·
MotoX80 avatar image
0 Votes"
MotoX80 answered

The share permissions act as a filter to the NTFS permissions. So if you wanted to give a user update access to a folder, but only when he was RDP'd to the server, then the NTFS permissions would grant update access. The share permissions would be just read. That would prevent the user from updating the files through the network share.

The easiest thing to do is to grant everyone full control at the share and then use NTFS to control access to files/folders.

There is nothing "wrong" with granting access to an individual user. The challenge you will have is when your manager says "User XXXX has quit and we have hired user ZZZZ to replace him. Please give ZZZZ the same access that XXXX. had"

If you manage security by groups, it is relatively simple to see what groups user XXXX is a member of and add user ZZZZ to them. If you had to examine the folder/file permission on thousands of folders on many servers to find any reference to XXXX, that could be a challenge.

But that all depends on your environment and how you wish to implement and manage security.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered

Hi,
It you mean that you tried to add users into a local administrators group which have permission to access the resource, but the user didn't inherit the group's permission , try the following way:
https://social.technet.microsoft.com/Forums/en-US/fedbb110-556d-4d2f-83bb-fb679c125cc3/windows-server-2012-uac-folder-problem?forum=winserverfiles

Best Regards,

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.