Windows admin shares allowing unwanted access for all domain users

My Problem

I have a problem with shares on my Windows 2008 R2 server:

  • All shares including administrative shares such as c$ allow all users the permission to create files and folders.

My Attempted Fix

I tried to reset permissions on my shares with the icacls tool by doing something like: icacls C:\SHARE /reset

With no explicit permissions set, the effective permissions always show "Create folders / append data" for every domain account. So I tested it with some accounts to confirm that... Yes, it works...


The icacls output on a share (using icacls C:\SHARE):

C:\SHARE AUTORITE NT\System:(I)(OI)(CI)(F)
     BUILTIN\Administrators:(I)(OI)(CI)(F)
     BUILTIN\Utilisators:(I)(OI)(CI)(RX)
     BUILTIN\Utilisators:(I)(CI)(AD)
     BUILTIN\Users:(I)(CI)(WD)
     CREATEUR PROPRIETAIRE:(I)(OI)(CI)(IO)(F)

I have searched for similar problems but I have found only the opposite.

Clients used are Windows 7.

I'm not sure what to do next to troubleshoot or resolve.


Update

It works well on Windows Server 2003 R2 using the same Windows 7 client.

I also tested (on the 2008 R2) with Full Control and Modify for Everyone on the share permissions, and RX (Read and Execute) on the NTFS permissions. But no good results...

snariom38

Posted 2016-07-28T13:37:43.727

Reputation: 13

Quick Thought --> Check to ensure the accounts aren't in domain administrators group in AD if applicable. Check to see what groups the user accounts with the issue are in from the AD side just in case. – Pimp Juice IT – 2016-07-28T15:30:18.667

Yep! You're right! I was indirectly in the built-in Administrators group... So it's solved by disabling inheritance on the shared folder and applying fresh permissions to it. – snariom38 – 2016-08-01T13:10:18.997
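The "disable inheritance and apply fresh permissions" fix from the comment above, written out as an added example (these are not the poster's commands). Note what the posted icacls output is actually showing: the BUILTIN\Users entries flagged (I)(CI)(AD) and (I)(CI)(WD) are inherited from the default ACL of the C:\ root, which on Windows Server 2008 and later grants every user "Create folders/append data" and "Create files/write data" inside subfolders; any share created directly under C:\ inherits them, which matches the effective-permissions result in the question and the difference from Server 2003 R2. The script backs up the ACL, lists the inherited entries, strips inheritance with /inheritance:r, and grants an explicit, minimal ACL. The folder path, backup path and the DOMAIN\ShareUsers group are placeholders.

```powershell
# Added example, not from the original thread. Run in an elevated PowerShell
# on the file server. $Share, $Backup and DOMAIN\ShareUsers are assumed names.
$Share  = 'C:\SHARE'
$Backup = 'C:\acl-backup-SHARE.txt'

# 1. Save the current ACLs of the folder and its subtree so the change can be
#    undone with: icacls C:\ /restore C:\acl-backup-SHARE.txt
icacls $Share /save $Backup /t /c

# 2. Show which entries arrive by inheritance. These are the (I) lines in the
#    icacls output; Get-Acl exposes the same flag as IsInherited.
(Get-Acl $Share).Access |
    Where-Object { $_.IsInherited } |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, AccessControlType -AutoSize

# 3. Remove every inherited ACE, keeping only explicit ones. (/inheritance:d
#    would keep copies of the inherited entries, including the BUILTIN\Users
#    create-file/create-folder rights, so it is the wrong choice here.)
icacls $Share /inheritance:r

# 4. Apply an explicit ACL: SYSTEM and Administrators full control, a dedicated
#    domain group read/execute, and no entry at all for BUILTIN\Users.
#    /grant:r replaces any rights previously granted to the same principal.
icacls $Share /grant:r 'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
                       'BUILTIN\Administrators:(OI)(CI)F' `
                       'DOMAIN\ShareUsers:(OI)(CI)RX'

# 5. Verify: no (I) entries and no BUILTIN\Users line should remain.
icacls $Share

# 6. Share-level permissions are evaluated separately from NTFS; the effective
#    result is the more restrictive of the two. Keep the share permission at
#    READ for the same group (assumed share name SHARE).
net share SHARE=$Share /grant:"DOMAIN\ShareUsers",READ
```

Members of BUILTIN\Administrators (directly or through a nested domain group, as in the comment above) still get full control through the explicit Administrators entry, so test the result with an ordinary user account rather than an admin one.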

Answers

All shares, including administrative shares such as c$, allow all users to create data and create folders.

By default, the local Administrators group and the Domain Admins group (when applicable) are granted permission to the administrative shares in Windows, so see the two suggestions below for what to check, group-membership-wise, to find out whether this is what's causing what you describe.


Local Server

Check to ensure the accounts aren't in a local server administrator group on the local server. Check to see what groups the user accounts with the issues are in at this level just in case.

Domain

Check to ensure the accounts aren't in domain administrators group in AD if applicable. Check to see what groups the user accounts with the issue are in from the AD side just in case.

Pimp Juice IT

Posted 2016-07-28T13:37:43.727

Reputation: 29 425
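The two membership checks in the answer above, as an added example that is not part of the original answer. Checking direct group membership in AD or in the local group is not enough, because the poster turned out to be in Administrators "indirectly" (through a nested group). What the file server actually evaluates against the ACL is the user's logon token, so the script builds that token for a given user via an S4U logon (the WindowsIdentity constructor that takes a UPN), resolves every group SID in it, and flags BUILTIN\Administrators (S-1-5-32-544) and any Domain Admins group (RID 512). Assumptions: run on the domain-joined Server 2008 R2 box (PowerShell 2.0 or later, the account running it needs no special privilege for S4U beyond being domain-authenticated), and the UPN is a placeholder.

```powershell
# Added example, not from the original answer. $UserPrincipalName is a placeholder.
param([string]$UserPrincipalName = 'jdoe@corp.example')

# An S4U logon builds a token for the user without the password. Its Groups
# collection already contains nested domain groups and the local aliases
# (such as BUILTIN\Administrators) that those groups map to on this server.
$identity = New-Object System.Security.Principal.WindowsIdentity($UserPrincipalName)

# Well-known SID of the local Administrators group; Domain Admins is RID 512
# relative to its domain SID (S-1-5-21-<domain>-512).
$localAdminsSid = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')

# Resolve each SID in the token to a readable account name.
$groups = foreach ($sid in $identity.Groups) {
    try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = '<unresolved>' }
    New-Object PSObject -Property @{ Sid = $sid.Value; Name = $name }
}
$groups | Sort-Object Name | Format-Table Name, Sid -AutoSize

$isLocalAdmin  = $identity.Groups.Contains($localAdminsSid)
$isDomainAdmin = @($identity.Groups | Where-Object { $_.Value -match '-512$' }).Count -gt 0

'{0}: BUILTIN\Administrators={1}  Domain Admins={2}' -f $UserPrincipalName, $isLocalAdmin, $isDomainAdmin
$identity.Dispose()
```

If either flag is True, the user inherits full control on the administrative shares and on any folder whose ACL grants BUILTIN\Administrators, regardless of what the folder's other entries say; the listing shows which nested group is responsible. For a quick check of a single user's direct membership in the local group on an older server, the ADSI path ([ADSI]"WinNT://./Administrators,group") also works, but it will not expand domain groups.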