Announcement

Collapse
No announcement yet.

Windows Server 2003 r2 user group inheriting admin rights

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Windows Server 2003 r2 user group inheriting admin rights

    In our W2K3 AD domain, members of some of the security groups are inheriting administrative rights (to folders) even though their group is not in the administrators group. If I remove the administrator's rights to the folder, the group in question can no longer access the folder. I have checked security on the folder in Windows Explorer - Security and by using CACLS and nothing looks untoward. Can AD Security Groups be granted membership of e.g. admin group using GPs? I am at a loss as to what is going wrong here but, for obvious reasons, I need to fix it fast.
    Any help much appreciated.
    MP

  • #2
    Re: Windows Server 2003 r2 user group inheriting admin rights

    Take a look at the local Groups and see what AD groups or other groups have been added there. Especially look at the local Administrators group.

    Comment


    • #3
      Re: Windows Server 2003 r2 user group inheriting admin rights

      As the folder structure is on one of the AD DCs, there are no local groups and I have checked the domain groups for any anomolies and found none. That said, it appears that it is only one of the security groups that has these rights and, as Group Policies are in use, I do suspect that there may be an issue within GP but I am unaware of how these rights can be assigned by groups policies.

      Comment


      • #4
        Re: Windows Server 2003 r2 user group inheriting admin rights

        I see. Lock down the share permisisons to better ensure a restricted access. Furthermore, look at the advanced permissions of NTFS. You can the select a Group and click Edit to have a more granular view.

        With regards to Group Policy, you'll have to look at the policies applying and look at the summary in GPMC.

        Comment


        • #5
          Re: Windows Server 2003 r2 user group inheriting admin rights

          Thanks for your input. I have resolved the issue. For some reason, a predecessor had seen fit to set up a logon script that mapped a shared drive with the administrator's username and password. Most odd.

          Comment


          • #6
            Re: Windows Server 2003 r2 user group inheriting admin rights

            And not documented either.

            Thanks for posting back. Glad you got it sorted

            Comment

            Working...
            X