Problem sharing a folder

Andrea Vironda 811 Reputation points
2021-03-26T09:26:36.833+00:00

Good morning sirs!
I created a folder in my WS2019 and I notice the owner is the group "administrators". Ok nice, so I created 2 users and put them under that group.

Now if I try to access the folder I can't, but if I create another group and I share the folder with it, I can successfully access.
Am I doing anything wrong?
81819-screenshot-2021-03-26-102749.jpg

Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
1,767 questions
{count} votes

Accepted answer
  1. MotoX80 23,651 Reputation points
    2021-03-27T12:36:50.947+00:00

    I prefer to use the advanced sharing button to manage the share permissions, and the security tab to manage manage NTFS permissions.

    In a server environment I would recommend using groups (local or Active Directory) wherever possible. That way you can organize access by role using meaningful names. For example AccountingTeam-Update, AccountingTeam-ReadOnly, Engineering-Update, and Engineering-ReadOnly.

    When an employee leaves the company and his AD account is deleted then I don't have dead SID's all over my file system.

    Review a user's access with the Effective Access tab.

    82048-capture.jpg

    81987-capture1.jpg

    82082-capture2.jpg


2 additional answers

Sort by: Most helpful
  1. MotoX80 23,651 Reputation points
    2021-03-27T17:40:36.107+00:00

    The share permissions act as a filter to the NTFS permissions. So if you wanted to give a user update access to a folder, but only when he was RDP'd to the server, then the NTFS permissions would grant update access. The share permissions would be just read. That would prevent the user from updating the files through the network share.

    The easiest thing to do is to grant everyone full control at the share and then use NTFS to control access to files/folders.

    There is nothing "wrong" with granting access to an individual user. The challenge you will have is when your manager says "User XXXX has quit and we have hired user ZZZZ to replace him. Please give ZZZZ the same access that XXXX. had"

    If you manage security by groups, it is relatively simple to see what groups user XXXX is a member of and add user ZZZZ to them. If you had to examine the folder/file permission on thousands of folders on many servers to find any reference to XXXX, that could be a challenge.

    But that all depends on your environment and how you wish to implement and manage security.

    No comments

  2. Fan Fan 15,061 Reputation points
    2021-03-29T06:21:32.53+00:00

    Hi,
    It you mean that you tried to add users into a local administrators group which have permission to access the resource, but the user didn't inherit the group's permission , try the following way:
    https://social.technet.microsoft.com/Forums/en-US/fedbb110-556d-4d2f-83bb-fb679c125cc3/windows-server-2012-uac-folder-problem?forum=winserverfiles

    Best Regards,

    No comments