AD security groups access LAN folders
Hi,

New to Windows Server 2008 R2, upgrading from Server 2000. I have a domain controller (dc1) in Hyper-V on my server with a security group in Active Directory. Our data files are located on a separate machine (STORAGE1), which is also running Server 2008, and this machine is listed in the AD of computers on Hyper-V.

I'm trying to create a folder on the STORAGE1 machine which is only accessible by members of the security group, and the admin. Currently a few folders, created by the admin on STORAGE1, have the following groups listed on the Security tab: Authenticated Users, SYSTEM, Administrator, Administrators, Users (STORAGE1\Users).

While I can add the security group to this list, I'm confused about permissions for the above listed groups, so that only the security group and admin can access the folder. In Server2K one could see all the folders, but you got an error message saying you didn't have permission to access a particular folder. In Server 2008 R2, it seems like some permissions cause the folders to not be visible to all users, and that is confusing me about how this is supposed to work.

Also, am I correct that I can do this without a share? Just a new folder, security and admin groups under the Security tab, and check the permissions?

Thanks,
February 20th, 2011 3:05pm

Remove permission inheritance for that folder (check the Advanced button in Permissions) and remove all unneeded groups from the security list. Only leave the groups you really need (say, Administrators, SYSTEM: Full Control and Domain\DomainGroup: Modify).

The feature which hides secured folders from users is called Access-Based Enumeration. It only works for network connections.

MCITP: Enterprise Administrator; MCT; Microsoft Security Trusted Advisor; CCNA
February 21st, 2011 6:53am
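
The steps from the answer above as a PowerShell script, added here as an example and not part of the original thread. The folder path `D:\Data\Restricted` is a hypothetical placeholder and `DOMAIN\DomainGroup` stands for the real security group; run it elevated on STORAGE1.

```powershell
# Added example, not from the thread. Placeholders: replace both values.
$Path  = 'D:\Data\Restricted'     # hypothetical folder on STORAGE1
$Group = 'DOMAIN\DomainGroup'     # the AD security group that needs access

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

# The only entries the folder should carry, as listed in the answer.
$wanted = @{
    'BUILTIN\Administrators' = 'FullControl'
    'NT AUTHORITY\SYSTEM'    = 'FullControl'
    $Group                   = 'Modify'
}

$acl = Get-Acl -Path $Path

# Step 1: stop inheriting from the parent. $false means the inherited
# entries (Authenticated Users, Users, ...) are dropped, not copied.
$acl.SetAccessRuleProtection($true, $false)

# Step 2: purge whatever explicit entries remain, one identity at a time.
foreach ($rule in @($acl.Access)) {
    $acl.PurgeAccessRules($rule.IdentityReference)
}

# Step 3: grant only the wanted identities, applied to subfolders and files.
foreach ($name in $wanted.Keys) {
    $rights = [System.Security.AccessControl.FileSystemRights]$wanted[$name]
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $name, $rights, $inherit, $prop, $allow)
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $Path -AclObject $acl

# Step 4: read the ACL back and fail loudly if anything unexpected is left.
$extra = @((Get-Acl -Path $Path).Access |
    Where-Object { -not $wanted.ContainsKey($_.IdentityReference.Value) })
if ($extra.Count -gt 0) {
    $extra | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
    throw "Unexpected ACL entries remain on $Path"
}
(Get-Acl -Path $Path).Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```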

This topic is archived. No further replies will be accepted.
