File permissions

Posted on 2006-05-14
Last Modified: 2010-04-18
Hi all

I'm hoping this is a common problem for new users of Server 2003 and AD !

There are two identical machines on our network, with identical software installed.  There are only two users who will log into these two machines, and they have a (group) mandatory profile.

One particular application on the machines wants to create a log file when it launches, and place it in c:\Program Files\Name of software\date.log

On machine number 1, either user can log in, run the software and create the log file.  As a test, I confirmed it's possible to create new text files in c:\Program Files\ and in the relevant subfolders.

On machine number 2, either user can log in but the software is unable to create the log file so the software won't start.  On this machine it's NOT possible to create new text files in c:\Program Files.

Both machines are in the same computer OU in Active Directory, both users are in the same user OU too.  The users share a mandatory profile.  I've checked properties for both users and both machines and they're the same.

When we installed the software we were logged in as the LOCAL Administrator.

Any ideas ?!


Question by:SimonUK
    LVL 82

    Accepted Solution

    Just compare the NTFS permissions for C:\Program Files\Name of software; it's likely that on machine 1, the users have the necessary permissions for the folder, and they don't on machine 2.
    Another possibility is that someone added both users to the local administrators or power users group on machine 1, but this never happened on machine 2.
    LVL 1

    Author Comment

    Thanks for your speedy suggestion!

    I think I checked the NTFS permissions on both machines to compare them, and saw that they were the same for both machines (oddly, read/execute only if I remember rightly, so I don't know how machine 1 is able to do what machine 2 cannot!).  However, I will double check in case I missed it, or there's an inherited permission somewhere.

    On user memberships; on the server they are only members of users.  I hadn't thought that someone may have changed their memberships on the local machines, though - is that what you mean?


    LVL 82

    Expert Comment

    Yes; I just noticed that they seem to be able to access even C:\Program Files (and not only the program's subfolder) on machine 1, which makes it even more likely that they have more permissions on this one than on the other.
    LVL 1

    Author Comment

    Ah OK, I see your thinking.  I did presume that c:\program files would be restricted for write access by default but didn't know for sure... some of this is new ground for me.

    I'll check the permissions tomorrow and post back !

    LVL 1

    Author Comment

    In the end, it turned out someone had created a LOCAL account with the same name on machine 1.  This didn't really explain why, when logging in with a different account, the user was still able to write to c:\program files but we removed the local version of the account - and the machine started behaving the correct way (not able to write to that folder).

    I then allowed all local users permissions on the c:\program files\Name of software folder - problem solved.

    Thanks for your help !
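
An added example, not part of the original thread: a script that records the three things checked in this discussion (the folder's NTFS ACEs, membership of the local Administrators and Power Users groups, and local accounts that share a name with a domain user) so the output from two machines can be diffed. It assumes Windows PowerShell 5.1 or later; `user1`, `user2` and the output file names are placeholders.

```powershell
# Added example (not from the thread). Run on each machine, then diff the outputs.
# Assumes Windows PowerShell 5.1+ (Get-LocalUser / Get-LocalGroupMember).
param(
    [string]   $Folder      = 'C:\Program Files\Name of software',  # path as written in the question
    [string[]] $DomainUsers = @('user1', 'user2'),                   # hypothetical account names
    [string]   $OutFile     = "$env:COMPUTERNAME-perms.txt"
)

# Replace the machine-name prefix with ".\" so local principals compare equal across hosts.
$localPrefix = '^' + [regex]::Escape($env:COMPUTERNAME) + '\\'
function Format-Principal([string]$Name) { $Name -replace $localPrefix, '.\' }

$lines = New-Object System.Collections.Generic.List[string]

# 1. Every ACE on the folder, including whether it is inherited from a parent.
foreach ($ace in (Get-Acl -Path $Folder).Access) {
    $who = Format-Principal $ace.IdentityReference.Value
    $lines.Add("ACL   $who $($ace.AccessControlType) $($ace.FileSystemRights) inherited=$($ace.IsInherited)")
}

# 2. Members of the local groups suggested in the accepted answer.
foreach ($group in 'Administrators', 'Power Users') {
    Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue | ForEach-Object {
        $lines.Add("GROUP $group <- $(Format-Principal $_.Name) ($($_.ObjectClass))")
    }
}

# 3. Local accounts whose name matches a domain user (the cause found in this thread).
Get-LocalUser | Where-Object { $DomainUsers -contains $_.Name } | ForEach-Object {
    $lines.Add("LOCAL $($_.Name) enabled=$($_.Enabled)")
}

$lines | Sort-Object | Set-Content -Path $OutFile
Write-Output "Wrote $($lines.Count) entries to $OutFile"

# After copying both files to one place (file names are placeholders):
# Compare-Object (Get-Content .\MACHINE1-perms.txt) (Get-Content .\MACHINE2-perms.txt)
```

Any line that appears for only one machine is a difference in effective access; a `LOCAL` line means a local account is shadowing a domain user name.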

