Score:1

Effective access doesn't reflect the actual NTFS permissions

bz flag

I came across a weird issue when practicing permissions in Windows Server 2016. I gave read permission only to a shared directory for a group called "Human", but the effective access tap shows that the user "luke.skywalker" who's a member of the Human group has the following access

Here's the actual permissions

Here's the effective access

This of course led to the ability of Human group members to create and delete directories and files inside the directory. Can anyone suggest a solution or workaround for this situation?

Score:1
us flag

In your screenshot of the actual permissions, the "Authenticated Users" group has modify privileges.

This will give every user that is authenticated (i.e. domain users) modify privileges to that folder.

If you want the Human group to have only read access then you must remove the Authenticated Users group.

You can read more about the Authenticated Users special identity here: https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/special-identities#authenticated-users

Side note: Before removing Authentiated Users, make sure that everyone that needs access is in a group with the proper permissions on that folder.

Taha Adel avatar
bz flag
Thanks a lot <3
AutoGnome avatar
us flag
@TahaAdel If this helped, please consider marking it as answer. Thanks!
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.