Click here to get back home

removing user from domain users group doesn't help
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
removing user from domain users group doesn't help OM 06-23-2006
Posted by OM on June 23, 2006, 4:15 pm
Please log in for more thread options
 Hi,

I have few shared folders on my w2k3 file server and most of them allow
read access for the domain users group.

I am trying to create a shared folder that only allows one group of
users to access. This group of users should has no access to other
shared folders. I created a new group and put all these users onto the
group and removed the domain users group from the "member of" property
of these users. So all these users are only member of the newly created
group. However, they are still able to access the file on the shares
that have read access for domain users.

Can someone advice how I can change the ntfs/share permission so that I
achieve my goal accordingly?

Thanks

OM

Posted by Roger Abell [MVP] on June 24, 2006, 5:15 am
Please log in for more thread options
 Did your test account log off and back in after the group membership
changes but before your retesting ?

> Hi,
>
> I have few shared folders on my w2k3 file server and most of them allow
> read access for the domain users group.
>
> I am trying to create a shared folder that only allows one group of users
> to access. This group of users should has no access to other shared
> folders. I created a new group and put all these users onto the group and
> removed the domain users group from the "member of" property of these
> users. So all these users are only member of the newly created group.
> However, they are still able to access the file on the shares that have
> read access for domain users.
>
> Can someone advice how I can change the ntfs/share permission so that I
> achieve my goal accordingly?
>
> Thanks
>
> OM



Posted by OM on June 26, 2006, 10:43 am
Please log in for more thread options
Roger Abell [MVP] wrote:
> Did your test account log off and back in after the group membership
> changes but before your retesting ?
>

This is a newly created group. I have also created a new user account in
this group for testing purpose.

Thanks

Posted by Roger Abell [MVP] on June 27, 2006, 9:38 am
Please log in for more thread options
> Roger Abell [MVP] wrote:
>> Did your test account log off and back in after the group membership
>> changes but before your retesting ?
>>
>
> This is a newly created group. I have also created a new user account in
> this group for testing purpose.
>
Fine. But does that mean that all tests were done with a fresh login
after all group membership changes had completed and propagated
to the authenticating domain controller ?



Posted by OM on June 27, 2006, 12:44 pm
Please log in for more thread options
Roger Abell [MVP] wrote:
>> Roger Abell [MVP] wrote:
>>> Did your test account log off and back in after the group membership
>>> changes but before your retesting ?
>>>
>> This is a newly created group. I have also created a new user account in
>> this group for testing purpose.
>>
> Fine. But does that mean that all tests were done with a fresh login
> after all group membership changes had completed and propagated
> to the authenticating domain controller ?
>
>


I just tried it again and the new user account is still able to all the
folders that has read permission for domain user group. I have checked
the user's member of property and the domain user indeed has been removed.


Similar ThreadsPosted
Adding another domain users to your local domain admin group December 28, 2005, 12:19 pm
Default Domain Users group March 24, 2008, 1:59 pm
Can I delete 'Athenticated Users' group form local 'Users' group January 29, 2008, 11:52 am
Error removing a Group Policy Object February 5, 2006, 10:07 pm
Adding a User from One Domain to a Group in Another Domain August 18, 2006, 12:12 am
Create User and Auto Assign to Domain Security Group January 31, 2007, 12:27 pm
Domain Controller Certificates and moving to a new server or removing them? April 23, 2007, 2:42 pm
Unexpected security restriction for a user in both a user and administrative group. April 24, 2008, 10:05 pm
Performance Monitor Users Group June 17, 2005, 8:09 am
Is NETWORK SERVICE Member of Users Group? March 12, 2007, 4:39 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap