Re: Win 2003 - Share can be read with no NTFS permission?

From: Pat (nobody_at_nobody.com)
Date: 10/28/04 

Date: Thu, 28 Oct 2004 07:56:35 -0400

The share is on my DC, my test user had local Admin rights on the WS.
I removed the test user from the local Admin group and logged off and
on. I can create a folder on the share. It gives the user group R and
the test user Full control inherited from the parent folder. On the
share on the DC, I have Share permissions= Full control and R for the
test group. How is the test user inheriting full permissions?

On Wed, 27 Oct 2004 18:55:51 GMT, "Steven L Umbach"
<n9rou@n0-spam-for-me-comcast.net> wrote:

>I think your problem may be that the user you are testing with is a local
>administrator on the computer where the share exists. The administrators
>group may have full control permissions to the folder. Try removing your
>test user from the local administrators group and try again after logging
>off and logging back on. If the creator/owner is present, the user that
>creates the file will receive those permissions which usually are full
>control.
>
>To create a share where you want users to only read files give the users
>group only read permissions to the share and read/list for ntfs folder
>permissions and make sure the users are not members of another group that
>has more than read permissions to the share/folder. --- Steve
>
>
>"Pat" <nobody@nobody.com> wrote in message
>news:qjgvn0pq346u0i8qem51j089k5iopghplk@4ax.com...
>> If I setup a sharecalled share2 with full share permissions and add a
>> group called testgroup and put a user called test in that group and
>> give the group R permissions on the folder. I then logon at a WS with
>> the user Test who is a domain user default rights on the domain and
>> administrative rights on the WS, I have Read rights on any
>> folders\files that were created by the admin on the server in share2.
>> I cannot delete these. I can create a file and in the NTFS permissions
>> I have Read rights on the testgroup group and it also puts in the test
>> user with full rights. where do the full rights come from. If I just
>> want a share that users can only read, not write or modify how can I
>> do that?
>> On Wed, 27 Oct 2004 10:05:31 -0400, Pat <nobody@nobody.com> wrote:
>>
>>>I have setup a similar setup, with a new share with default
>>>permissions in W3K (read). Add a test user with R X L R ntfs
>>>permissions. I logon with a workstation on that domain as test user
>>>and try to create a folder and file in the share with no success. If I
>>>add change to the share permissions I can create a folder and file in
>>>the share. I thought the least restrictive permissions were applied
>>>between shares and NTFS?
>>>On Wed, 27 Oct 2004 03:37:51 GMT, "Steven L Umbach"
>>><n9rou@n0-spam-for-me-comcast.net> wrote:
>>>
>>>>You show that users have read/list permissions to that folder. Since you
>>>>are
>>>>in a domain, that is enough to allow another domain user to access the
>>>>folder from another domain computer. --- Steve
>>>>
>>>>"Patrick Saunders" <psaunder@comcen.com.au> wrote in message
>>>>news:7bfe00fe.0410261755.11d2fffa@posting.google.com...
>>>>> Hi,
>>>>> I apoligise in advance if this is the wrong newsgroup - I could not
>>>>> find one for win2003.
>>>>>
>>>>> Scenario:
>>>>>
>>>>> I have small test domain with couple of machines.
>>>>>
>>>>> 1. On a member win2003 server machine '2K3Client' I created folder
>>>>> "c:\ShareA"
>>>>> 2. I shared folder "ShareA", with default permissions.
>>>>>
>>>>> This shows permissions as such:
>>>>>
>>>>> Share permissions
>>>>> =================
>>>>> Everyone - Read
>>>>>
>>>>>
>>>>> NTFS Security permissions
>>>>> ==========================
>>>>> Administrators(2K3Client\Administrators) - Full
>>>>> SYSTEM - Full
>>>>> Users (2K3Client\Users) - Read,List, Special.
>>>>>
>>>>>
>>>>> Question:
>>>>> ------------
>>>>> I log into another machine as a test user, with no special
>>>>> privelleges.
>>>>> I can navigate to the share "ShareA" on Machine "2k3Client" AND I can
>>>>> view
>>>>> the contents of that folder.
>>>>>
>>>>> I do not understand why I can see contents of folder if there are no
>>>>> NTFS permissions to allow this? Can someone please explain?
>>>>>
>>>>> Many thanks in advance,
>>>>>
>>>>> Patrick.
>>>>
>>
>

Relevant Pages

  • RE: Access denied errors
    ... Based on my test on our side, I create the test user; ... Security Permissions and was granted Read permission for Sharing ... The result turned out that the test user can access the folder ... PLEASE NOTE the newsgroup SECURE CODE and PASSWORD were ...
    (microsoft.public.windows.server.sbs)
  • Re: SPListCollection permission bug?
    ... For the testing I created a test user who is only part of the local users ... Even if the user has full permissions on the main site and problem still ... does the local user have permission to open SPWeb ... So maybe the local user does not have any rights ...
    (microsoft.public.sharepoint.portalserver.development)
  • Re: Strange problem in Active Directory
    ... check the members of the Domain Admins and the administrators group in AD and remove everyone that should not be there ... * This posting is provided "AS IS" with no warranties and confers no rights! ... So, I created a test user and sure enough, this test user could use ...
    (microsoft.public.windows.server.active_directory)
  • Re: Win 2003 - Share can be read with no NTFS permission?
    ... permissions in W3K. ... Add a test user with R X L R ntfs ... I logon with a workstation on that domain as test user ... and try to create a folder and file in the share with no success. ...
    (microsoft.public.win2000.security)
  • Re: Restricted Group - [WILDPACKET]
    ... This posting is provided "AS IS" with no warranties, and confers no rights. ... >> printers but are not local admins. ... >> - Created a Group and added Admin and one test user. ...
    (microsoft.public.windows.server.active_directory)