Re: User's can't access directory, even though permissions show as cor

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 10/28/04 

Date: Wed, 27 Oct 2004 22:39:45 -0700

This sounds like a rather strange situation.
Please let me restate to make sure I am hearing you.

When on a Windows XP client machine,
a user can access a storage area on a remote share if
   1. the grant is made with a group that existed before
       the current "issue" showed up
   2. the grant is made directly to the domain account but
       not a group (I know you covered this case for local
       storage but was not sure this was tried for remote)
a user can access client machine local storage if
    1 or 2 above are the case
However, if the user only has a grant via a newly defined
security group, then they have no access.
This is seen even when the account logs off and in, and/or
the client machine is rebooted.

Is that about right ?

Since you can add the domain group to the local storage in
the second test scenario, this seems to say that when adding
the groups you are seeing them resolved to their name strings
(not showing only as SIDs). Correct?

This is being seen on multiple (all?) of the client Windows
XP machines? And seems to happen for any domain account?

Are any of the interop products, like Services for Unix, or
Gateway servicse for Novell installed ? 

-- 
Roger Abell
"Rob Martin" <RobMartin@discussions.microsoft.com> wrote in message
news:2A8430D4-15A2-4C91-BDCE-A9EF40B9D401@microsoft.com...
> We are having an issue on our Windows 2003 domain.  When we create a new
> security group, and assign it permissions to a directory users of that
group
> are unable to access the directory.
>
> Using the advanced permissions button, selecting the effective permissions
> tab, and then the user/group in question will show that FULL control to
the
> directory has been granted.
>
> All users are using Windows XP as their desktop operating system.  This
> occurs with Domain, Global and Universal groups.   Logging in and out does
> not solve the issue.  Rebooting the client box does not resolve the issue.
>
> In an attempt to narrow down the issue, I have created a directory on the
> local box, and then removed all users from the permissions for that
> directory, and added a group with one member (myself) with full control.
> After applying those permissions I am no longer able to access the
directory.
>  If I add myself as a named user I AM able to access the directory.  In
both
> cases the "effective permissions" shows the same for my user ID.
>
> I am at a loss as to what is happening, and it is impeding our ability to
> manage our network.  It should be noted that older group permissions do
work.
>
> Rob