I'm playing with permissions and noticed the following situation I don't understand.

The PC PC-EXAMPLE is a part of a domain, let's say DOMAIN (domain.com) and the currently logged on user is User-Hello ([email protected]). This user is a member of domain.com/Group-Demo group — Security Group, Universal.

When the full control permissions are set on a partition for and only for:

then User-Hello user can access the partition.

When full control permissions are set for:

  • Group-Demo (DOMAIN\Group-Demo)
  • Administrators (PC-EXAMPLE\Administrators)

then the partition is not available any longer for the user User-Hello.

As I understand it, groups, in Active Directory, are intended to simplify, among others, the management of permissions on files and folders, i.e., instead of specifying that a specific directory can be accessed by user 1 and user 5 and user 7 and user 19, etc., one can simply create a group and set the permission for this group.

It appears that it's not the case. So what are groups for? How to set permissions for a set of users without setting those permissions for every user?

  • Sounds like the group doesn't actually have read/write permissions to this partition.
    – Ramhound
    Commented May 25, 2013 at 15:38
  • All I can see is that the only "Groups" that have access to the partition, based on the list above, is the "Administrators" group. Unless EXAMPLE\Demo is a group, then All Members of Demo Group will have access. If hello (assuming is a user) is not part of either Administrator, or Demo group, then Hello will not have access.
    – Darius
    Commented May 25, 2013 at 15:41
  • @Darius: my example was unclear and contained mistakes. I fixed the names now. Commented May 25, 2013 at 16:04
  • @MainMa That is strange. That should work. Ramhound's suggestion seems is the most possible thing, that somehow you forgot to set it to have full access (default when adding new group is read only). What your example is shown is pretty much what we have at my workplace and it is definitely is working, so hence why permission issue is the most likely possibility.
    – Darius
    Commented May 25, 2013 at 16:13
  • 2
    Did you make user-hello a member of that demo-group before or after that user logged in to the system ? If you did if AFTER the user logged on you best logout and logon again. Often that is needed to activate a change of rights. The rights as you specified should in theory work at first glance.
    – Tonny
    Commented May 25, 2013 at 16:15

1 Answer 1


Groups are the best way of managing sets of users, as well as other groups.

Based on what you described as your set up, user-hello should have file and folder access to the partition. However, it would seem you are not familiar with groups and I feel you might be missing something.

Here are some things to check:

  • Double check that the Group-Demo group has full permissions to the partition.
  • Double check that the user User-Hello is in that group.
  • When you make changes to file security settings the user should log out and in for the new settings to take affect.

Im thinking you might not have propagated the permissions. See the steps below:

Right click the drive you are applying permissions to and click Properties

enter image description here

Then click the Security tab and the Advanced button, as seen below

enter image description here

Click Change Permissions as seen below

enter image description here

This is where I think you missed a step. You gave the Hello-User permission to the drive here, but not anything else. Click the check-box Replace all child object permissions with inheritable permissions from this object as seen below

enter image description here

This will propagate the permissions throughout the entire disk, making the changes you made at this level to all files and folders below it.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .