Re: VPN Issues (or maybe permissions or maybe accounts, who knows? It is a bunch of weirdness)




The plot thickens... (and I think that I am on my way to a solution)

I deleted the India user and all seems to perform as expected now. I am now going to recreate the India user and see what happens.


"JEC" <thejohncarlson@xxxxxxxxxxxxxxxxxxx> wrote in message news:B17CA65D-4990-4F7A-BAB4-03E353AB2AB9@xxxxxxxxxxxxxxxx
I believe that the question actually was did you deny the share permissions AS WELL as the NTFS level.

It appeared that you understood that they were denied access at the NTFS level.

If you re-read the original post, you will find this line "I went to the two folders that London should not access, added the user to the file level permission and explicitly denied her access."

Sorry if I misunderstood you, but the answer is yes the user was explicitly denied permissions at the NTFS level.

"Claus" <cjobes@xxxxxxxxxxxxx> wrote in message news:Od2mE5LGIHA.1204@xxxxxxxxxxxxxxxxxxxxxxx
That didn't answer my question about NTFS permissions. Did you deny access for the London user on the NTFS permission?

--
Claus
"JEC" <thejohncarlson@xxxxxxxxxxxxxxxxxxx> wrote in message news:F54DA8E6-1159-456A-9E03-17AD77EBB40A@xxxxxxxxxxxxxxxx
Those two folders are not explicitly shared. The top level folder (the one right above them) is shared.

Like this:

c:\share\deny1
c:\share\deny2
c:\share\Accept

The share folder is shared. The others are the ones I am trying to control permissions on.

"Claus" <cjobes@xxxxxxxxxxxxx> wrote in message news:usGY2dAGIHA.4628@xxxxxxxxxxxxxxxxxxxxxxx
Did you deny access on those two folders for the London user on the share level as well as the NTFS level?

--
Claus
"JEC" <thejohncarlson@xxxxxxxxxxxxxxxxxxx> wrote in message news:7C02C0B0-4BFD-4D50-BB05-62E03B9A6C00@xxxxxxxxxxxxxxxx
Please bear with me here, this is going to get a little complicated.

I have a customer who has SBS 2k3 R2 Std. behind a Watchguard Firebox. They came to me a couple years ago and had hired a team of programmers in India who needed access to the system. We wanted this to be as simple as possible for the end user so I set up the SBS box to act as a PPTP endpoint and forwarded the traffic through the firebox to the SBS server. We also set various permissions on our server that restrict India to only one share and only a couple of folders within that share. I have also added myself (administrator) and one other user (will call him "user") to the mobile users group so that we could utilize the VPN as well.

Recently a need came up for a user in London to need access as well. They would access the same share that the India team access but we did not want London to have access to all the folders that India does. I created a new user, made them a part of the mobile users group and verified that London could connect to the VPN as well. No problems so far.

I then went to the directory structure that they will need access to. This is a top level folder that is shared with three folders underneath it. India needs access to everything, London only needs access to one folder. I went to the two folders that London should not access, added the user to the file level permission and explicitly denied her access.

When I tested this by connecting as London via the VPN I was still able to access all of the files stored in any of the folders. Admittedly I did not try to write anything but I was able to view and open files. I would also like to point out that I have run the effective permissions tool on the folders in question and it confirms that London does not have access to the folder. I then experimented around and discovered that if I deny permission to the India user, all users in the mobile users group lose access. Including Administrator. Give India access again and all members get access, even if they are explicitly denied it.

There had been some other odd behavior with this folder in the past. (One user seemed to occasionally lose the ability to rename files; I would re-apply permissions without changing anything and the problem would go away.) This led me to suspect that there could be ACL corruption of some sort. In order to recreate the ACLs, I took the entire contents of the folder and copied them off to a Linux server. (Actually a NAS box running some kind of embedded Linux.) I then shift-deleted the entire directory structure off the SBS box, created a new top level directory and copied all the files back to the SBS box.

I reset permissions and shares and voilà! I have the exact same behavior.

I have also tested this locally and it does not happen. This behavior only occurs when connected via the VPN.

I am stumped. Does anyone have any suggestions for me? They will be appreciated.
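
Added example, not part of the original thread: a simplified Python model of the access check the posts are arguing about, using the thread's folder layout and account names. The rights assigned and the helper names (granted, can_access, reachable) are assumptions for illustration. It shows that the share ACL and the NTFS ACL must both grant the request, that an explicit NTFS deny is enough on its own, and that the check is made against the account the session authenticated as.

```python
# Simplified model of a Windows file-server access check (not the real API).
# Folder and account names follow the thread; the rights are assumptions.
READ, WRITE = 1, 2
FULL = READ | WRITE

GROUPS = {"London": {"Mobile Users"}, "India": {"Mobile Users"}}

# Share-level ACL on c:\share (assumed: the group has full access).
SHARE_ACL = [("allow", "Mobile Users", FULL)]

# NTFS ACLs; explicit deny entries come first, as Windows orders them.
NTFS_ACL = {
    r"c:\share\deny1": [("deny", "London", FULL), ("allow", "Mobile Users", FULL)],
    r"c:\share\deny2": [("deny", "London", FULL), ("allow", "Mobile Users", FULL)],
    r"c:\share\Accept": [("allow", "Mobile Users", FULL)],
}

def token(user):
    """Principals carried by a session authenticated as `user`."""
    return {user} | GROUPS.get(user, set())

def granted(acl, principals, wanted):
    """Walk entries in order; a matching deny on a still-needed right fails."""
    remaining = wanted
    for kind, who, mask in acl:
        if who not in principals:
            continue
        if kind == "deny" and mask & remaining:
            return False
        if kind == "allow":
            remaining &= ~mask
            if remaining == 0:
                return True
    return False  # rights never fully granted: implicit deny

def can_access(session_user, folder, wanted=READ):
    """The share ACL and the NTFS ACL must both grant the request."""
    principals = token(session_user)
    return (granted(SHARE_ACL, principals, wanted)
            and granted(NTFS_ACL[folder], principals, wanted))

def reachable(session_user, wanted=READ):
    """Folders a session authenticated as `session_user` can open."""
    return sorted(f for f in NTFS_ACL if can_access(session_user, f, wanted))

if __name__ == "__main__":
    for user in ("London", "India"):
        print(user, reachable(user))
```

The model leaves out inheritance, SIDs and privileges; on the server, `net session` lists the account each connected client is authenticated as.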






