Effective access doesn't reflect the actual NTFS permissions

Taha Adel

12/3/22, 11:18 AM

I came across a weird issue when practicing permissions in Windows Server 2016. I gave read permission only to a shared directory for a group called "Human", but the effective access tap shows that the user "luke.skywalker" who's a member of the Human group has the following access

Here's the actual permissions

Here's the effective access

This of course led to the ability of Human group members to create and delete directories and files inside the directory. Can anyone suggest a solution or workaround for this situation?

1 + 0

windows

active-directory

windows-server-2016

Score:1

Server

AutoGnome

12/3/22, 11:54 AM

In your screenshot of the actual permissions, the "Authenticated Users" group has modify privileges.

This will give every user that is authenticated (i.e. domain users) modify privileges to that folder.

If you want the Human group to have only read access then you must remove the Authenticated Users group.

You can read more about the Authenticated Users special identity here: https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/special-identities#authenticated-users

Side note: Before removing Authentiated Users, make sure that everyone that needs access is in a group with the proper permissions on that folder.

0 + 2

Taha Adel

12/3/22, 12:17 PM

Thanks a lot <3

AutoGnome

12/6/22, 11:39 AM

@TahaAdel If this helped, please consider marking it as answer. Thanks!

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Effective access doesn't reflect the actual NTFS permissions

TH: การเข้าถึงที่มีประสิทธิภาพไม่ได้แสดงถึงการอนุญาต NTFS จริง

RO: Accesul efectiv nu reflectă permisiunile NTFS reale

RU: Эффективный доступ не отражает фактические разрешения NTFS

VI: Quyền truy cập hiệu quả không phản ánh các quyền NTFS thực tế

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.