2008 r2 sharing issues

Ruckus

Hardforum Moderator-in-Chief
Staff member
Joined
Oct 12, 2001
Messages
10,768
I am setting up network shares for users on a new location we are adding with the company i work for. I cant get it to deny access to anyone it seems.

D: is the master drive they sit on, this is set to not share, local security is set to let authenticated users view this folder only not to inherit down to folders inside.
I created a folder inside d:\ called shared this folder is setup to share as shared$ with permissions of only domain admins and "sharedsecuritygroup" having full permissions. everyone else removed. local security also setup with only domain admins and the security group as having permission to access the folder.

However when I get on a computer that is not joined on the domain and tell it to open \\server\shared$ it opens right up and they have full permission in it. Im not sure how to fix this because it seems I only gave explicit permissions to those 2 security groups and I verified "everyone" is not in either group. also nothing is inherited down that i can see. any ideas?
 
Why did you add $? To hide it? Which user account on the other computer are you using?
 
The only thing that I can think of is that you have a user in the sharedusersgroup that has the same username / password combination as the pc that you are trying to access from. Windows will automatically try the login credentials for the account that you are currently logged into before it even prompts for credentials. If the user you are logged into has the same user / password combination it might be authenticating (even though technically it shouldn't. Maybe there is a domain trust with that pc and the domain)
 
You should pick one level to handle security one. Either File or Share. I would start over with Share security being only set to Everyone with full permissions(minus modify). Apply your specific permissions to the file security.

That can eliminate having to keep track of permissions in two places on the same location and the issues that come with it.
 
The only thing that I can think of is that you have a user in the sharedusersgroup that has the same username / password combination as the pc that you are trying to access from. Windows will automatically try the login credentials for the account that you are currently logged into before it even prompts for credentials. If the user you are logged into has the same user / password combination it might be authenticating (even though technically it shouldn't. Maybe there is a domain trust with that pc and the domain)

that's it. I didn't realize that it would do that. my username and password on my laptop is the same one as my domain login. but since i never logged into the domain I never thought it would authenticate. Wow thats lame. spent hours trying to figure it out too
 
that's it. I didn't realize that it would do that. my username and password on my laptop is the same one as my domain login. but since i never logged into the domain I never thought it would authenticate. Wow thats lame. spent hours trying to figure it out too

That's why I asked what accounts you were using.

Also you should share with everyone and then limit access via NTFS permissions.
 
Back
Top