Child Group Inherit Parent Group's Folder Permission

[yitsang426]

Dear all,

 

I am having problem inheriting a parent group's permission to a child group.

 

OS: Windows 2008 R2 Enterprise.

 

Scenario

 

SECURITY GROUP A

..........|______Security Group B

..............................|__________ USER A

 

If I place permission on a folder and restrict Group B from it, User A cannot access the folder.

However, if I place permission on a folder and restrict Group A, User A still can access the folder.

 

From my observation, Group B does not inherit Group A's permission. I also checked effective permission and it shows nothing when the restriction is applied to group A.

 

Is there any way I can work this around?

 

Thank you in advance.

 

Andy

[ICTCity]

When you specify specific permission to a folder, you must map the directory itself. Remember that if you want to be able to list folder, there's the appropiate policy.

 

If you can provide more details (examples) like: folder name, user name it's easier to solve the issue.

[yitsang426]

Here is the example.

 

Groups:

MIS-ListOnly

CDNUsers (member of MIS-ListOnly group)

 

Users

William

 

Folder

MIS

 

 

Scenario

When I use MIS-ListOnly group to set permission on MIS folder, William still can see folders and files in MIS folder.

[ATTACH]114.IPB[/ATTACH]

[ATTACH]115.IPB[/ATTACH]

 

When I use CDNUsers group to set permission on MIS folder, Willian cannot see folder and files in MIS folder.

[ATTACH]117.IPB[/ATTACH]

[ATTACH]116.IPB[/ATTACH]

 

William is a direct member of CDNUsers group.

[ATTACH]119.IPB[/ATTACH]

 

CDNUsers group is also a member of MIS-ListOnly group.

[ATTACH]120.IPB[/ATTACH]

 

Goal

1.Users can see MIS folder exists but when they enter MIS folder, they won't see anything at all.

2.MIS-ListOnly folder is a group for setting permission. Instead of setting permission by each group of departments(for instance, sales group, hr group, ...etc) on MIS folder, I can just simply only set MIS-ListOnly to MIS folder and add each group to MIS-ListOnly.

 

Question

So my questions is how to let CDNUsers group inherit permission of MIS-ListOnly group.

 

Thank you

Andy

[ICTCity]

Are you sure you haven't confused the screenshots? The first 2 should block WILLIAM, the second two should allow him to browse folder.

 

Anyway, can you please post the EFFECTIVE permissions by settings permissions like in the first 2 screenshot and select user WILLIAM?

 

Thanks.

[yitsang426]

The first one is applying permission to MIS-ListOnly group and I am hoping CDNUsers can inherit the permission from MIS-ListOnly group because CDNUsers group is a member of MIS-ListOnly group.

 

William is a member of CDNUsers can also have the same permission as MIS-ListOnly.

 

 

The 2nd one is applying permission to CDNUsers group directly and William is a direct member of CDNUSsers group. This way works fine.

 

Both ways are trying to setting the same permission on the MIS folder.

 

Do I make it clear ? :lol:

 

Here is the screenshots

 

Permission Applied to MIS-ListOnly

[ATTACH]121.IPB[/ATTACH]

Effective Permission of William on MIS\New Folder

[ATTACH]122.IPB[/ATTACH]

Permission Applied to CDNUsers

[ATTACH]124.IPB[/ATTACH]

Effective Permission of William on MIS\New Folder

[ATTACH]123.IPB[/ATTACH]

[yitsang426]

It is so weird.

I just did the same steps again and all of sudden it works now.

 

:woot:

 

Thank you ICTCity

 

It is resolved by itself.

 

Andy

[ICTCity]

probably the permissions weren't updated...