none
Read Permissions causes no file access? RRS feed

  • Question

  • Now I know why a lot of admins just set Full Control, so they can avoid stuff like the following. 

    Non-domain Win 2008 R2 server, Win 10 Pro client system.  Server has a network share which is a folder on the server set up with no inheritance, only explicit permissions for the user in question.  Both the server and workstation have the same user name/pw so everything is accessible.  

    The user cannot access subfolders or files inside this main folder, gets access denied errors.  NTFS persmissions are set to Allow everything except no checkmark in Full Control, Take Ownership, Change Permissions, and Read Permissions.  

    However, putting a checkmark into Read Permissions suddenly allows the user to open the files (pictures, PDF's, etc.), but not the folders.  The NTFS permissions are set to This Folder, Subfolders, and Files, and I've done that thing where you tell it to replace permissions with inheritable permissions from this parent folder.  Effective Access indicates this person should be good to go, yet, they cannot access the folders.  I ended up fixing it a bit haphazardly by setting Full Control across the board, but what puzzles me most is how putting a check into Read Permissions, suddenly allowed access, but only to files and not the subfolders folders in this main folder.  

    I'll leave this discussion at that because I can't recall all the other history nor steps taken afterwards, so my curiosity is just with wondering if maybe I"m missing something with how the Read Permissions advanced NTFS setting is supposed to function - or maybe it's some kind of 2008 R2 > Win 10 Pro thing.  

    Thanks!  

    Tuesday, January 7, 2020 8:39 PM

All replies

  • What you are facing is a normal phenomenon. If you want user access to a shared folder, they must have read permission on this folder, you don’t check mark this permission, of course they cannot access to it.

    Therefore, just like you said, set Full Control is the simplest method for system admin…

    One more thing:

    If the share permissions are “Read”, NTFS permissions are “Full control”, when a user accesses the file on the share, they will be given “Read” permission.

    If the share permissions are “Full Control”, NTFS permissions are “Read”, when a user accesses the file on the share, they will still be given a “Read” permission.

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, January 8, 2020 2:41 AM
    Moderator
  • Hey I appreciate the response and effort, but we're not fully sync'd here :) 

    When I refer to Read Permissions, I mean the attribute that's found under Advanced.  According to the MS documentation for this setting, it refers to allowing or denying the ability of a user to view or not view the actual Permissions settings on an object.  So while "Read" would be a Basic security setting meaning you can or can't "open" a file or folder, "Read Permissions" would be the setting that ays a person can't review the NTFS permissions set on that object.  Which is true, I found toggling this checkmark on or off directly allowed or denied the user being able to look at NTFS permissions on a folder.  But, what didn't make sense was that unchecking this also resulted in them not being able to open the file too.  

    What do you think?  

    Wednesday, January 8, 2020 12:10 PM
  • A quick follow-up to check if you have any update?

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Saturday, February 8, 2020 7:32 AM
    Moderator