I've been working with Windows SMB shares and NTFS for a long time, but I'm stuck on an issue. A user has Full Rights to a specific folder and its files, yet they seem to be facing restrictions when trying to access them. This folder is a sub-folder of a parent shared folder where the user also has Read/Write access. I'm really scratching my head over this one! Here's a screenshot for reference: [link](https://imgur.com/a/fsMdNRl).
4 Answers
Your share permissions are likely the problem here. Set them to 'Everyone full control' since you're managing access through NTFS, which is typically safer and cleaner.
It's definitely a sharing permissions issue. You're likely sharing it out to everyone with read-only access or something similar, which can confuse things.
I don't have 'Everyone' added at all. Does it make a difference if the user logs in with their SAM Account or UPN name?
Honestly, you shouldn't need to play around with Share permissions if you have NTFS ACLs in place. Windows uses the least restrictive permissions when comparing both. A good approach is to set share permissions to 'Full Control - Everyone' or 'Full Control - Authenticated Users' and rely on NTFS for finer control. It helps avoid confusion in cases like yours.
I might just remove the share restrictions from the sub-directory and see what happens. I only set the permissions at the parent folder level.
Have you checked the sharing permissions? They're separate from NTFS permissions and might be set to something your user can't access. It could be that they only have read-only access at the share level, which would limit what they can do, even if NTFS permissions say otherwise.
The parent folder's share permissions are set to READ/WRITE for that specific user, and that's supposed to apply to the sub-directory as well.
But if I give 'Everyone' full control, won't that let users I want to restrict see the share?