Are any of permmisions tick boxes greyed out? if so you might nned to remove inheritence of the permmisions click the advanced button on the security tab.

also are you trying to do logged in remotely from a share, you might need to set share rights as well.

You probably already thought of this, but if you actually shared the folder, check the share permissions, not just the NTFS permissions….or vice versa….

make sure your folder is not inheritting permissions from parent folder

My bet is that it is an NTFS permissions issue.

Here’s something else to think about… multiple groups. Where one group denies and another grants rights.

It looks to me that You have a user added to two or more GPOs whereby you have given the deny permission in one of the GPOs to a particular folder and gave access permission in the other GPOs. In such a situation, the deny configuration takes precedence. Please check out this.

Zekirstos Tesfay

I know it sounds obvious but I only mention this since you are currently using Windows NT and would not be looking for this. Probably everyone who ever migrated to Server 2003 discovered this as well…

The default Shared Folder permission for Server 2003 is “Everyone” Read Only as compared to Windows NT which was “Everyone” Full Control. It looks like you have the NTFS permissions set right.

In general, network and server access requires two objects to be created and maintained; a data group and a corresponding folder/volume. You add whatever members to the group and then you must add the group (or individual members) to the folder’s list of members/trustees and grant the group whatever rights you wish it to have. This is just a basic setup but it might push you in the right direction. Also, if the files are created locally but then copied over to somewhere on the network, you might want to check that the local security settings on the file allow the necessary access to everyone prior to posting it in the folder.

My guess would also be the share permissions. When combined with NTFS permissions the most restrictive takes precedence.

I agree with #3, #8, #10. Check the Shared Folder permissions. The fact you can Read files and files is a strong indicator.

Most the other issues won’t apply since your DC is NT4 not 2003. But the last I would look at is the idea you copied files and folders from another place on the same volume where they were already set to Read Only NTFS permissions.

Everyone provided helpful advice. I’ve visited every permeation of rights, both NTFS and AD that I could imagine, and I’ve got a healthy imagination!

I did figure out my problem. It had more to do with the program design for the program that needed to access the data than the rights itself.

I had set up a series of shares for this server. I had top level shares and then program shares. Some shares were created by program installation routines, as in this case.

The program, when trying to access the data, wouldn’t go through nested shares. The share had to be top level from the server name. Interestingly, I was able to make this work with one of my groups. I assigned both groups that accessed the server administrative rights as a test. That didn’t work.

To sum it up, I’m sticking with program design, making the data live in a share so that it is referenced top level from the server name in a unc reference. Thank you again for the great advice.

Gregg