Solved

Local Access denied & Changing Ownership of all Files Created and/or Modified

Posted on 2003-12-03
10
368 Views
Last Modified: 2013-12-04
we have a win2k server that is part of a workgroup (not AD).  it is simple peer to peer net config.  

when local users of this workgroup create a file and/or change the file. (could be excel or word or a simple .txt) the ownership belongs to that person and only them.

even administrator on the server itself can not access the permisions.  by right clicking the file and selecting properties then security changes must be made in the advanced tab.  on the server itself i have to set the ownership of the file to administrator and then save then open again where i will see that the local user that created the file and "system ".   then i delete the 2 users and add everyone.

this is fine until someone else looks at the file and makes a change.  then it will do the same thing and remove everyone and restrict to olny that user and system again.

what gives?

on the server the only "local security policy setting" that ever mentions service is the "impersonate the client after authentication" that has administrator administrators and service.


i need to be able to have any client (that is part of the server users group) create and modify a file and be able to have everyone else do the same to that file.

currently the parent folders are all accessible to everyone and by default the permisions should have propegated down.

anyone got any ideas how i can default to alow everyone to access any shared file or folder unless otherwise specified.  i need some hints asap as i'm on the clock right now.  ;)

thanx,
locum
0
Comment
Question by:2Geeks
  • 5
  • 3
10 Comments
 
LVL 32

Expert Comment

by:Luc Franken
ID: 9868614
Look at the advanced security tab, deny "take ownership" rights for users other than the administrator. (don't use it on "everyone", but just the "users" groups.
0
 

Author Comment

by:2Geeks
ID: 9868823
i just tried to set ownership for users but only administrator and administrators group apear .  under ownership tab i only have these 2 choices.  

after this i selecting administrator to own i allow for users.

i can login via client and access this file but when i change/save it changes the permisions and locks out administrator and others allowing only the single user.

when i try to look at the properties and security of this file i get a msg.

" you do no have permission to view or edit the current permission settings for *.xls but you can take ownership or change auditing settings"  (* being any file)


they are right.  i can change it but once modified that modification changes it back. to local user and system.
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 9868836
You should not look at the owner tab, but at the security tab. There disable the function to take ownership.
0
 

Author Comment

by:2Geeks
ID: 9869295
i have changed the security tab all the way up to the c drive and changed the security to users on all subfolders.  i have disabled the inheritance option on the individual file.

when a user now opens the file and modifies it the inheritance gets checked again.

also i have some files that administrator only and when the administrator opens and modifies it goes back to users and inherits is checked again.

the security should not be changing at the will of the client or any permisions of the client or any groups that the client is in.  the security and permisions must remain static.  because the next guy may need to access it or must be restricted as in accordance with the settings on the server.

0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 32

Expert Comment

by:Luc Franken
ID: 9869384
Uncheck "change permissions" and "take ownership" for those files/folders make sure all security settings are made that way for all files/folders you want to protect.
0
 

Author Comment

by:2Geeks
ID: 9885523
will try to uncheck the change permissions on mon when i get back to the clients.  for now,  all users have access and they can do business so there is no production loss like b4 when no one but last modifiers had access.
0
 
LVL 32

Accepted Solution

by:
Luc Franken earned 500 total points
ID: 9885564
Let me know how it goes...
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 9935722
2Geeks, do you have some progress?
0

Featured Post

Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Laptops & PCs compliance & tracking 10 90
PGP whole disk encrypted Laptops 5 60
Monitoring software... 2 52
Changing the domain admin password 9 74
As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now