On our file server, we have all root folders on our company share set with permissions using security groups.
All folders have “domain admins” set as full access, however, when we go to access this we still have to request permission. This would be okay, however, it then sets explicit permissions for our user profile onto the folder.
If we go to access this folder from our PC and logged in as our domain admin, this works perfectly fine and allows us in without having to request permission.
I’ve tried, from the file server, browsing the folder directly from the Data drive and also from the network share but none of these will allow us in. I have noticed when I try to browse the share from the file server that the folder doesn’t even appear, as if we don’t have permission to access it.
Any clues anyone?
5 Spice ups
maxsec
(maxsec)
2
What does access on the share show - everyone?
The access on the share is “Domain Admins > Full Access” “Domain Users > Full Access”.
You should be sure you are looking at the ntfs permissions, not share permissions.
1 Spice up
Yes, the share permissions are “Domain Admins > Full Access, Domain Users > Full Access”.
The NTFS permissions are “Domain Admins > Full Access, System > Full Access, Creator/Owner > Full Access”.
Then, on top of this, are the specific security groups for each folder. I’m not talking about share permissions, I’m talking specifically about the NTFS permissions.
That sounds like Access Based Enumeration. Do you have that enabled?
1 Spice up
Dude!
You are a life-saver;
joined a new environment with literally 0 security policies in place (essentially a blank AD template)
We were looking for a way to limit what the outside contractors could view in the file-share and this has been more than helpful!
