Hi,
Once again I managed to find very strange situation with Windows security. The case goes like this:
A regular domain user with regular permissions in domain logs in her own workstation. The DC (SRV2012R2) runs her login script and she gets the resources mapped as usual. When she browses the user directory network share, she has full access to all user
directories and other folders in that share (which she should have). BUT, when she logs in the domain on another workstation, her privileges are correct, meaning that she only has access to her own user directory and other folders where she is allowed to.
Along with this curiosity I found another weird behavior of her machine. For testing purposes I removed her workstations computer accout from AD, but she still can log into domain with these "elevated" privileges.
I've checked that she really is a regular (domain) user in her local machine and domain and has exactly the same user settings in another identical Win 8.1 Enterprise workstation where her privileges are not "elevated" for this user directories file server share. From that other machine the fileserver share security settings work as they are supposed to.
This problematic security behavior in her workstation doesn't apply to any other users logging into domain from her workstation. They have their security settings applied correctly.
Can anybody give me a hint what have I missed, because in my opinion this kind of behaviour simply can not happen.
Thank you in advance
Juhani Ikonen