NTFS Permissions disappear/reset overnight on WIN 2000 Server

Posted on 2005-03-10
Medium Priority
Last Modified: 2012-06-27
I am running WIN 2000 AD and on one of my servers I have added permissions to a folder
(C:\Program Files\Blue Ocean Software) and then the next morning they disappear. I created and added a global group and gave it Full Control, I clicked on advanced and chose both "Inherit from parent...” and "Replace permissions entries on all child...". This has been happening for 3 weeks, every day I add the group and the next mooring the permissions I added the day before are gone. This also happens if I add individual user accounts so it is not specific to the Global Group. The server is Windows 2000 with SP4 and it is running SQL 2000 and Project Server 2003 as well. Nothing out of the ordinary in the event logs. I called the Blue Ocean Software vendor and they have no idea what is happening.
Question by:BOS1028TIM
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 12

Accepted Solution

GinEric earned 1000 total points
ID: 13508930
You added a group, but did you set the permissions on the Directory structures themselves?

Two ways for permissions to disappear; system restore, and a hacker.

If you run eventviewer and log for security changes, you will see exactly what changed the permissions, even if it was the system.  The only way you won't see them is if someone has purposefully deleted the log entries.

Inherit permissions is fine, if the permissions are already set, but if their not, reversion to the permissions that existed at the time of the creation of the folder will apply at some time when the folder is either replicated or restored.  Your server could be replicating from some other server, or machine, from a backup, from a restore point.

Setting the Group Permissions is not enough, you also have to set the physical outermost directory permissions.

It gets tricky too because if

C:\Program Files\Blue Ocean Software

belongs to the Group, its ownership may conflict with the software's internal ownership, and if

C:\Program Files\

belongs to System, if may not like permissions below it and change them.

The methods to fix this are plenteous.  One of the things we do is to not use

C:\Program Files\

for installing software, instead, we create our own structure:


Install software where we can find it quickly:


and so on, so that Blue Ocean Software might be found under:

C:\Programs\A-D\Blue Ocean Software

But at install, we change that to:


to avoid white space directory problems, which inevitably come up.

This has a three-fold security measure built in:

1.)  hackers don't know where programs are
2.)  We can quickly find and remove a program if necessary.
3.)  Permissions are set at Directory creation time, whereupon they are inherited from that structure; we change that of course, but if we install under Group, there's no need to usually.

For what it's worth.
LVL 12

Expert Comment

ID: 13570420
Did you fix this yet?

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This program is used to assist in finding and resolving common problems with wireless connections.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question