yitsang426 Posted July 17, 2011 Posted July 17, 2011 Dear all, I am having problem inheriting a parent group's permission to a child group. OS: Windows 2008 R2 Enterprise. Scenario SECURITY GROUP A ..........|______Security Group B ..............................|__________ USER A If I place permission on a folder and restrict Group B from it, User A cannot access the folder. However, if I place permission on a folder and restrict Group A, User A still can access the folder. From my observation, Group B does not inherit Group A's permission. I also checked effective permission and it shows nothing when the restriction is applied to group A. Is there any way I can work this around? Thank you in advance. Andy Quote
ICTCity Posted July 17, 2011 Posted July 17, 2011 When you specify specific permission to a folder, you must map the directory itself. Remember that if you want to be able to list folder, there's the appropiate policy. If you can provide more details (examples) like: folder name, user name it's easier to solve the issue. Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
yitsang426 Posted July 17, 2011 Author Posted July 17, 2011 Here is the example. Groups: MIS-ListOnly CDNUsers (member of MIS-ListOnly group) Users William Folder MIS Scenario When I use MIS-ListOnly group to set permission on MIS folder, William still can see folders and files in MIS folder. [ATTACH]114.IPB[/ATTACH] [ATTACH]115.IPB[/ATTACH] When I use CDNUsers group to set permission on MIS folder, Willian cannot see folder and files in MIS folder. [ATTACH]117.IPB[/ATTACH] [ATTACH]116.IPB[/ATTACH] William is a direct member of CDNUsers group. [ATTACH]119.IPB[/ATTACH] CDNUsers group is also a member of MIS-ListOnly group. [ATTACH]120.IPB[/ATTACH] Goal 1.Users can see MIS folder exists but when they enter MIS folder, they won't see anything at all. 2.MIS-ListOnly folder is a group for setting permission. Instead of setting permission by each group of departments(for instance, sales group, hr group, ...etc) on MIS folder, I can just simply only set MIS-ListOnly to MIS folder and add each group to MIS-ListOnly. Question So my questions is how to let CDNUsers group inherit permission of MIS-ListOnly group. Thank you Andy Quote
ICTCity Posted July 17, 2011 Posted July 17, 2011 Are you sure you haven't confused the screenshots? The first 2 should block WILLIAM, the second two should allow him to browse folder. Anyway, can you please post the EFFECTIVE permissions by settings permissions like in the first 2 screenshot and select user WILLIAM? Thanks. Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
yitsang426 Posted July 18, 2011 Author Posted July 18, 2011 The first one is applying permission to MIS-ListOnly group and I am hoping CDNUsers can inherit the permission from MIS-ListOnly group because CDNUsers group is a member of MIS-ListOnly group. William is a member of CDNUsers can also have the same permission as MIS-ListOnly. The 2nd one is applying permission to CDNUsers group directly and William is a direct member of CDNUSsers group. This way works fine. Both ways are trying to setting the same permission on the MIS folder. Do I make it clear ? :lol: Here is the screenshots Permission Applied to MIS-ListOnly [ATTACH]121.IPB[/ATTACH] Effective Permission of William on MIS\New Folder [ATTACH]122.IPB[/ATTACH] Permission Applied to CDNUsers [ATTACH]124.IPB[/ATTACH] Effective Permission of William on MIS\New Folder [ATTACH]123.IPB[/ATTACH] Quote
yitsang426 Posted July 18, 2011 Author Posted July 18, 2011 It is so weird. I just did the same steps again and all of sudden it works now. :woot: Thank you ICTCity It is resolved by itself. Andy Quote
ICTCity Posted July 18, 2011 Posted July 18, 2011 probably the permissions weren't updated... Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.