What kind of group is the group you mention that has Full Control (local,
local built-in, local to a remote machine, domain built-in, etc.)? There are
cases in which Effective Permissions can "lie", and this is relevant to
that.
Are there any Deny ACEs? Deny ACEs override Allow ACEs.
Which users or groups have the "Bypass directory traversal" privilege? I'm
not suggesting you change it, this is just for troubleshooting!
http://support.microsoft.com/kb/823659
Posting the output of CACLS may help here:
CACLS C:\
CACLS C:\dir\
Paul
"Jon L" <> wrote in message
news:0C35BBED-ACB9-4B17-A9FE-...
> Server 2003 R2.
>
> Created a hierarchy of folders off the C: drive and shared the folders at
> the next level off the root. Under one of them, I created two folders and
> assigned a group to each with all rights except "full control". The users
> in
> the subfolders can browse and open files but can't do anything else
> (create,
> modify, delete, rename, etc).
>
> When I go to the subfolder and either check effective permissions for the
> the group (or a user in the group) on the folder and any files in the
> folder,
> the results are exactly what I wanted. Yet the user can't do anything.
>
> As an aside, I tried to take off the grayed checkmark for Read-only and
> apply it to all sub-objects. No change.
>
> What could possibly be happening that users get "access denied" or
> "permissions needed"?
>
> Jon
Similar Threads
Linear Mode
