I have a Root Domain Controller (W2K8 SP2) with the File Server Role. I created the 'Org' Group as a Universal Group in ADUC on the Root Domain. I added one AD User Object from each of our Forest's Child Domains as members of the Org group. I then created the 'Organization' Folder on the Root File server. I set the Share permissions to Everyone; I set the NTFS permissions to 'Modify' for the Org group. When a member of the Org group attempts to login, they get the access denied pop-up. When NTFS permissions are set to Everyone, the problem goes away. I'm not quite sure what I am missing. Some assistance would be greatly appreciated. Jesse

Hi, Please try to add this universal group to domain local group and check the issue again. A domain local group is a security or distribution group that can contain universal groups, global groups, other domain local groups from its own domain, and accounts from any domain in the forest. You can give domain local security groups rights and permissions on resources that reside only in the same domain where the domain local group is located. For more information, please refer to the following Microsoft TechNet article: Group scope http://technet.microsoft.com/en-us/library/cc755692(WS.10).aspx Regards, Arthur Li TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com.Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Thanks Author. Worked like a charm.