Can't access windows share when in security group assigned to share

Question

I'm a bit stumpped on this one.

I created a security group in AD called "special data users" and add myself to it.

I then created a share on a server and give that AD security group full access to the share.

If i try to access the share I cannot and get a permission denied error.

If i add my user account directly to the share or add a different security group that's been around for years that I'm a member of it works fine.

Any tips or suggestions on what to look for why this new group doesn't work would be appreciated. I've looked high and low and can't figure out why any new security group created doesn't work...

Thanks!

Answer 1

When you added yourself to the group, did you log out of your workstation and log back in? Security Group membership is a component of the access token granted to your user ID at logon and changing group membership requires a log out and log in order to get a new access token that reflects the new membership.

Answer 2

Make sure that you've assigned read permissions to that "Special Data User" both on Security tab and in Sharing -> Permissions.

Also you need to re-login once you added user to a new group.

Answer 3

I'm not sure this would be your problem, but I've been burnt by it in the past. How many groups (including nested groups) is your account a member of? You may have just passed an AD limitation. There is a limitation on group memberships due to the Kerberos ticket size in AD. Here's more reading from Technet on some AD limitations. Check out info under the Group Memberships for Security Principals heading.

To check if this might be the case, create a new account and add it to your new group and see if that account can access the share.

Answer 4

What type of Group have you created? It does make a difference if they are Domain Local, Global or Universal.