Active directory Security group

Discussion in 'Training & Development' started by Shinx2k6, Jun 20, 2010.

  1. Shinx2k6

    Shinx2k6 Bit Poster

    23
    0
    2
    Hi

    I was hoping if you guys know this question.

    A user in my work place has a problem with access to a network file. //back/alpha/physiotherapy/ (this is located in F:\ of the file server, in AD security group)
    All users within he's department can access this location, open files, make amandments -with Read and Write permission, only once they have logged in with the Generic loggin account (Physiotherapy as the user). But, when they try to log in with their user accounts - they get access denied when trying open any file there.

    Users have requested that they would be prefer to have access to he location with their user logons rather then generic for convience purposes and productivity.

    I have check the security group in AD, added the users in specified group and also made users member of the distribution group. Still cannot access the files one they login with the users account.

    Is there are any other policy which must be met before they get this grant?
     
  2. LukeP

    LukeP Gigabyte Poster

    1,194
    41
    90
    First of all distribution group won't help. It's just that - a distribution group. Security groups control permissions and access.

    Look for Deny permissions as these will overwrite Allow permissions.
    And yes, shared credentials to access the resource is a bad idea. (very!)
     
    WIP: Uhmm... not sure
  3. Shinx2k6

    Shinx2k6 Bit Poster

    23
    0
    2

    Hey Luke, thanks for the prompt response.

    I have gone into AD> Security group with Admin Account. I opened the generic account from the security group and added the users. I dont think I have the rights as first line support analyst to change file permission within a designated root. However, I can add and remove users from security and distribution groups.

    So, am I meant to deny the permission on the folder from permissions? ok I will give that a go on tommorow.
     
  4. LukeP

    LukeP Gigabyte Poster

    1,194
    41
    90
    No, I meant that it might be worth cheking if there's no deny permissions applied for everyone but shared login (physiotherapy).

    If you don't have rights to change permissions on the resource check which groups have access to it and assign users in question to these groups.

    So check the resource (folder) security tab in properties and check who has access. Assign users to one of the groups that have access to it.
     
    WIP: Uhmm... not sure

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.