07-14-2020 01:04 PM
07-14-2020 01:04 PM
Hi all. This is a bit of a redundant post but I have new info, and also realized the Win 10 security forum doesn't have a lot of visibility so here goes in the main forum:
A new Win 10 Pro machine, not much done with it yet except to create a handful of users and one test folder. I intend to set this machine as a file share server for 6 people. I've found that if I edit folder permissions such that only SYSTEM and the Administrators group have any access (that is, created a new folder and removed Users and Authenticated Users groups entirely), I cannot get into this folder without being prompted with the Continue/Cancel dialog box saying I don't have permissions, would I like to permanently add myself to have access. Clicking Continue then explicitly puts my user (which is in the Administrators group) with Full Control on this folder.
I have Disabled inheritance on this folder, as it is my intent to eventually have various subfolders that only certain users can access.
But I also really need to avoid situations where people have to be prompted to gain access to folders.
Further, I will have a top-level folder for example that somebody can browse to, but only be able to access certain subfolders therein, and not have any ability to even view the contents of other subfolders inside.
This is not an AD environment, so it's all basic shares stuff, though right now I"m just testing locally so it's NTFS stuff for now, no Shares created yet.
In Server 2008 R2 I have no problems with this, I can remove Users and Authenticated Users from permissions on a folder, leaving only the Administrators group and the System user, and then just add one user to this folder giving them Modify and below, no issues. But on Win 10, it seems the only way to make this work is to also have another group ther, like Everyone or Authenticated Users.
Bottom line: why isn't just having my account, which is in the Administrators group) as the only group allowed to access the folder, not enough to let me access the folder without explicitly having to add my user account or one of the other groups?
This is a real pain to type out, sorry for the wordiness.
07-14-2020 01:32 PMSolution