In our W2K3 AD domain, members of some of the security groups are inheriting administrative rights (to folders) even though their group is not in the administrators group. If I remove the administrator’s rights to the folder, the group in question can no longer access the folder. I have checked security on the folder in Windows Explorer – Security and by using CACLS and nothing looks untoward. Can AD Security Groups be granted membership of e.g. admin group using GPs? I am at a loss as to what is going wrong here but, for obvious reasons, I need to fix it fast.
Any help much appreciated.