Windows folder sharing issue

Eaven HUANG 2,156 Reputation points
2024-06-25T08:55:28.29+00:00

Dear Experts,

I have set up a script via an internal Windows server within our network to configure different user permissions for accessing different folders.

The issue I'm facing is that when I log in to a domain-joined computer with AD user account credentials, I can access the shared folders with all the preconfigured permissions. However, when I try to log in with local computer account credentials, it doesn't work. I've tried this with both Wi-Fi and Ethernet on the same computer, and there is no difference. I am wondering if this issue is related to the AD setup. If I add "Everyone" with read permission for the C:\Exams-DoNotTouch folder, all users can access this folder, but the permissions set up for each group folder do not work at all. This is quite confusing.

Could you please advise on how to fix this issue? When I switch between logging in as an AD user or a local admin account, the Wi-Fi IP and Ethernet IP remain the same. Therefore, it seems to be related to the AD account being logged in. How does Windows sharing permission recognize which credentials are permitted and which are not?

I've also tried to map the shared folder in Windows File Explorer by specifically connecting with different credentials (the AD user account and password), but it makes no difference.

Your expertise on this matter would be greatly appreciated.

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,607 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,623 questions
0 comments No comments
{count} votes

Accepted answer
  1. Karlie Weng 16,351 Reputation points Microsoft Vendor
    2024-06-26T03:11:00.3566667+00:00

    Hello,

    When you log in with an AD account, the system recognizes the permissions assigned to that account or its group within the domain. However, local accounts do not have the same level of integration with the AD, and thus, the permissions may not apply as expected.

    Attempting to map a drive and specifying AD credentials should work if done correctly. Ensure that you're using the net use command or the Map Network Drive dialogue with the correct syntax, including the domain prefix for the username (e.g., domain\username). If this still fails, it could be due to cached credentials on the client machine or a misconfiguration on the server side.

    The final access permissions on a shared folder are determined by taking into consideration both the share permission and the NTFS permission entries.

    NTFS permissions affect access both locally and remotely. NTFS permissions apply regardless of protocol. Share permissions, by contrast, apply only to network shares. Share permissions do not restrict access to any local user, or to any terminal server user, of the computer on which you have set share permissions. Thus, share permissions do not provide privacy between users on a computer used by several users, nor on a terminal server accessed by several users.

    User's image

    Reference: Share and NTFS Permissions | Microsoft Learn


    If the Answer is helpful, please click Accept Answer and upvote it.


0 additional answers

Sort by: Most helpful