share using the new 2012 R2 methodology (Server Administrator). I set the
appropriate permissions on it and it looks normal. Domain users have
read-only and Domain Admins (I'm in this group) have Full control.
Within the share, I've created a bunch of folders for departments and
general use. I've disabled inheritance on all of the folders and setup
explicit permissions, leaving the domain users with read-only and domain
admins with full. Everything looks normal.
The Share permissions are wide open and the NTFS permissions limit user
Here is the odd behaviour. When I'm logged on the server as myself
and try to access the folders (after having logged off) it says that I
don't have permissions to view the security or even open the folders
(unless I hit continue and then it assigns me with Full Control) BUT
when I'm logged onto my PC and navigate to the primary share, I
can see everything, go everywhere and view all properties. When I look
at the effective permission from my local PC or the server, it shows
that I have full control.
It's the same for the other Domain Admins as well.
Any advice or direction pointing would be greatly appreciated.
The behaviour appears to be caused by the removal of the local "Users" group. When I add any other group that I'm a member of, I can access the folders on the server and on my PC. Why doesn't the server recognize that I'm a member of Domain Admins??
I want to use Access-Based Enumeration so that users ONLY see the folders that they have permission to. When the local Users group is in the NTFS permissions, users can see all of the folders which I don't want. I understand how to enable it but if the Local Users group is removed from the folder then I lose the ability to manage the folder on the server and if the Local Users group is added then I lose ABE.