Sorry Spiceheads, I am full of NTFS questions! So here is my next issue:

I have an AD security group tied to a particular folder in my share drive. The permissions are propagating down that folder tree. This particular group has: Read&Execute, List folder contents, Read, Write. My share level permissions are Read & Change for authenticated users. If I go into that folder and look at the permissions on the sub-folders I see the same as above. I also plugged the user’s name into the effective permissions box to ensure she was getting the access she was supposed to via her group - and she was! The trouble is none of the people in the group can create files, rename files or modify files in any way. I.e. the user that reported said she opened the file and tried to do “Save As” and got the message “folder is read only access denied”. The other person said she was trying to create a tab in a spreadsheet. All permissions look FINE, but the only thing I see is on the general tab the folder does say “Read Only (Only applied to files in folder)”. But it also seems ALL my folders in the share are like that and no one else has complained. Even my old share had that read only setting on the folders! What am I missing here?!?!?!?!

7 Spice ups

Check to see if those users are in other groups with limited access.

2 Spice ups

As a rule of thumb, you should assign Full Control Share-level permissions to the Authenticated Users group and use NTFS Permissions to assign the ACTUAL permissions.

3 Spice ups

As mentioned - checking the effective permissions on those users shows that they should have write access. So I do not think that is it. Plus, I just restructured the security groups so I am comfortable with how it is set up that there is nothing overriding it. As for the share permissions - if it isn’t full control there - would it cause this issue and furthermore for only one group??

Question - After you restructured the groups, did you have those users log off and back on again after doing so?

Yup - and even had them do it again for good measure because this just isn’t making sense to me.

I don’t apply full permissions…

that only allows you give those users rights to manage permissions… I NEVER do that…

I allow change on the share level though

I’m more interested if it’s a similar issue to what I’m having trouble with lately…

basically take one of the xls files that you’re having an issue with and give some random user dedicated rights to it and see if that helps…

(your issue seems different like you do have a more restrictive deny hiding somewhere though)

1 Spice up

I still recommend setting those Share permissions to Full Control. This will save you a lot of troubleshooting headaches. Let NTFS control the actual access to the folder.

I def. don’t have any deny permissions set up. As mentioned this is a new share I just created and all new permissions I just built/granted. I suppose I can try granting permissions on the file level for testing. I also didn’t give full permissions for the same reason you stated, but not sure what issues that may cause…hmmm

on the share permission uncheck READ

Only have Change permission


AVI Correct me if wrong

Share permissions - Most Restrict Applies

NTFS Permissions - Least restrictive


This would make sense that effective displays correct but still only have read-only - share level issue

AVI - Correct Full would correct but also unchecking READ also resolves

(not sure yet though - just checked a few of mine and still have read checked as well)

Maybe just one group has share permission read and not change?

that would make more sense… READ Should be there I was wrong…

would be multiple groups

Group A Read

Group B Change+Read


Effective of user in both Groups - read only (I think)

This article states that to save an Excel file you need to have modify permissions WITH delete access as well. I also heard you need modify/delete to rename files as well. This seems insane to me. Thoughts?

Modify includes delete rights…

Excel / Word most office formats would require this…

The temp file is the tricky part and why there is the issue with delete (but needs to be on the directory)

Correct :slight_smile: Isn’t this fun! lol

Turns out, after talking with many people (and big props to AVI-NetworkGuy for some offline help), that MS just stinks in the fact that you have to give modify if people are going to be editing Excel/Word/etc., as the temp file needs to be created and deleted while working on the file. Thanks all for your help working through this with me.

1 Spice up
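An added example, not part of the original thread: a PowerShell check for the condition the thread settles on, a group whose NTFS rights on a folder include write but not the delete rights that Modify carries. The folder path and group name are placeholders, and only ACEs that name that group directly are counted.

```powershell
# Added example. The $Path and $Group defaults are placeholders (assumptions),
# not values from the thread.
param(
    [string]$Path  = 'D:\Shares\Example',
    [string]$Group = 'EXAMPLE\Folder-Editors'
)

$Rights = [System.Security.AccessControl.FileSystemRights]

# Sum the Allow and Deny rights of every ACE that names the group directly.
# Nested groups and other groups a user belongs to are not resolved here.
$allow = 0
$deny  = 0
foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
    if ($ace.IdentityReference.Value -ne $Group) { continue }
    $mask = [int]$ace.FileSystemRights
    if ($ace.AccessControlType -eq 'Allow') { $allow = $allow -bor $mask }
    else                                    { $deny  = $deny  -bor $mask }
}
$granted = $allow -band (-bnot $deny)

# Rights the thread's symptoms map to: creating the temp file needs
# CreateFiles/WriteData on the folder; swapping it in for the original
# (and renaming files in general) needs Delete, which Modify includes.
$checks = [ordered]@{
    'Create/write files (temp file)'   = $Rights::CreateFiles -bor $Rights::WriteData
    'Delete/rename (replace original)' = $Rights::Delete
    'Full Modify set'                  = $Rights::Modify
}

foreach ($name in $checks.Keys) {
    $want    = [int]$checks[$name]
    $missing = $want -band (-bnot $granted)   # bits wanted but not granted
    [pscustomobject]@{
        Check   = $name
        Granted = ($missing -eq 0)
        Missing = if ($missing) { [string]($missing -as $Rights) } else { '' }
    }
}
```

For a group holding Read & Execute, List folder contents, Read and Write, the first check reports granted and the other two do not, which matches the "can open but cannot save or rename" symptom described in the thread.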

Damned temp files! So annoying…

1 Spice up