Security/Share Problem

Discussion in 'Server Security' started by Richard K, May 26, 2009.

  1. Richard K

    Richard K Guest

    Windows 2003 Server
    Security Group called MyGroup with jsmith as a member (jsmith is just a USER
    in the domain)
    c:\temp folder
    Share called MyShare with Full Control to MyGroup on the c:\temp folder
    c:\temp folder also has Modify/read&execute/list folder contents/read/write
    permissions for domain users

    2nd Windows 2003 Server as a Terminal Server


    1. When the user is in the office and logged in they can browse out to the
    share, see the files and even execute an .exe in that folder
    2. BUT when the user logs into the network via a Terminal Server remote and
    do the same thing they cannot execute an .exe It basically looks like a
    permission issue. I can even copy a new .exe into that folder so the jsmith
    user has full control over the new .exe and it won't execute. When I look
    at the effective permissions everything looks fine to execute.

    Any thoughts?

    Thanks!

    -Richard K
     
    Richard K, May 26, 2009
    #1
    1. Advertisements

  2. Richard K

    Richard K Guest

    You hit it right on! It just never occured to me to look at IE zones for a
    TS session. Lean something new every day.

    Thanks!


    Hello Richard,

    From your description, you have the file and share permissions set
    correctly. A third level of permissions comes into play for
    executables on Windows Servers: Internet settings. Ask jsmith to logon
    to the terminal server, open Windows Explorer, browse to the share,
    and see what zone it is in. The zone is displayed in the bottom of the
    Windows Explorer status bar (click View > Show status bar if it is not
    shown).

    I wager the zone is Internet. If that is true, set the security
    settings in Internet Explorer (as jsmith) to recognize UNC paths as
    the local Intranet zone.

    How to use security zones in Internet Explorer
    http://support.microsoft.com/kb/174360
     
    Richard K, Jun 3, 2009
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.