• Status: Solved

Users or Groups in the Security Settings of Folder Share Vanish

Hi,

We've a strange problem here on a Server 2003 for SBS machine.

We've a number of shared folders which are all mapped to the client PCs during log-in.

Intermittently, access issues appear.

For example today, the Users or Groups in the Security tab of the shared folder have been vanishing.

We've had similar problems before, but thought it was a network issue.

Today, out of the 8 mapped drives, two of them (the most frequently used) have lost the above settings.  We can add the group back into the list, reselect 'Allow' full rights and then apply that to all child folders etc.  It will rebuild and then we can get access.  Then after a period of time (maybe 2 minutes, maybe 20) the sub folders start to deny access, then the main shared folder will deny access.

Checking the Security tab again shows it to be empty.

We've never seen this before and can find no reason for it to happen.  It's been doing this on and off for a number of months and sometimes will do it for a while, then stop for 5 or 6 weeks.

(Since this has been happening, we've replaced the hard drives, changed the memory, the CPU and the motherboard.  The network switches have also been replaced.)

Any help would be appreciated as we're running out of ideas.

Thanks.
Asked by: s-comps

lnkevin Commented:
There are a few things to be done:
- Create an audit on the folder to ensure no users disturb it. Here is the guide:
1. Go to Start -> Run -> write gpedit.msc.
2. Navigate to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policy.
3. Double click "objects access" and choose Success and Failure.
4. Reboot the computer.
5. On the required directory, right click and choose Security.
6. Click on the Advanced button and then on the Auditing tab.
7. Add the "Everyone" group for tracking.
You can see the audit result in the local machine event log -> Security.

- Run chkdsk /f on the partition. Sometimes, disk errors will impact the permission setup.
- Check your GPO to be sure there is no rule set up against this folder or shared folder.

K


s-comps (Author) Commented:
Hi,

Many thanks.

When we get to point 3, success and failure are both greyed out.

Any ideas?

Now going to start a CHKDSK /F

lnkevin Commented:
Let's try it again after chkdsk /f.
The worst case is running the Windows Recovery Console to repair the OS. Every attempt should be done after correcting errors on the disk with chkdsk.

K
 
s-comps (Author) Commented:
CHKDSK /F has completed with no errors.

The Success and Failure boxes are still greyed out.

Any other ideas?

Thanks.

lnkevin Commented:
Run the Recovery Console to restore system files. Here is the how-to:
http://www.petri.co.il/install_windows_2000_xp_2003_recovery_console.htm

K

s-comps (Author) Commented:
Hi,

OK, we have Recovery Console running. What do you think we should do next?

Thanks

lnkevin Commented:
When we get to point 3, success and failure are both greyed out...

If this option is not available in your local policy, most of the time you need to check your GPO (Group Policy), because the local policy will be overwritten by the GPO. If this option is disabled in the GPO, your local one will be greyed out.
http://technet2.microsoft.com/windowsserver/en/library/3b5204b3-8b18-4b14-babd-a81532331af61033.mspx?mfr=true

K

s-comps (Author) Commented:
Thanks for your help so far.

We can now select the boxes and we are auditing both success and failures (by the main user group) in relation to the two folders in question.

Since starting the audit, I've changed the permissions/access rights for the folders and they've changed back.

There seems to be a lot of audit activity from one of the PCs on the network.

It's a case now of finding which events are the relevant ones.  There are a lot of Event ID 560s which end with - Accesses: Readattributes.  These also have a blank 'Image File Name'.

Any pointers on where to start looking?

Once again, many thanks for your help so far. It's very much appreciated.

lnkevin Commented:
Event ID: 560 Source: Object Accesses indicates there are users connecting to this folder. It's normal. Since you were able to capture one PC with a lot of activity, it narrows our focus. You are having a permission issue with someone who took over the folder ownership. Did you check the Owner and Permission tabs in Advanced Security to see if there are suspicious users? If yes, take ownership of the folder and remove any other users that should not be in the group. Also, set user permission for Read, Write, Execute, but Deny Change so users cannot change permissions on the folder.

K
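
One way to separate the relevant 560 events from the ReadAttributes noise discussed above, as an added example that is not part of the thread: it parses the Description text of exported Event ID 560 records and counts the opens that requested WRITE_DAC or WRITE_OWNER, the rights needed to change a folder's permissions or owner. The sample records, account names and paths are constructed, and the field layout is assumed to match the Server 2003 560 Description.

```python
import re
from collections import Counter

# Rights in a 560 "Accesses:" list that permit rewriting an ACL or owner.
# ReadAttributes, READ_CONTROL and similar entries are ordinary browsing.
ACL_RIGHTS = {"WRITE_DAC", "WRITE_OWNER"}
FIELD = re.compile(r"^\s*([A-Za-z ]+?):[ \t]*(.*)$")

# Constructed sample Descriptions (users, domain and paths are made up).
SAMPLE = [
    "Object Open:\n  Object Type: File\n  Object Name: D:\\Shares\\Accounts\n"
    "  Image File Name:\n  Primary User Name: SERVER$\n  Primary Domain: EXAMPLE\n"
    "  Client User Name: jbloggs\n  Client Domain: EXAMPLE\n"
    "  Accesses: ReadAttributes\n",
    "Object Open:\n  Object Type: File\n  Object Name: D:\\Shares\\Accounts\n"
    "  Image File Name:\n  Primary User Name: SERVER$\n  Primary Domain: EXAMPLE\n"
    "  Client User Name: pc07user\n  Client Domain: EXAMPLE\n"
    "  Accesses: READ_CONTROL\n            WRITE_DAC\n",
    "Object Open:\n  Object Type: File\n  Object Name: D:\\Shares\\Sales\n"
    "  Image File Name: C:\\WINDOWS\\explorer.exe\n"
    "  Primary User Name: Administrator\n  Primary Domain: EXAMPLE\n"
    "  Client User Name: -\n  Client Domain: -\n"
    "  Accesses: WRITE_OWNER\n            WRITE_DAC\n",
]

def parse_560(desc):
    """Return the fields of one 560 Description; wrapped lines extend the last field."""
    fields, last = {}, None
    for line in desc.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields[last] = m.group(2).strip()
        elif last and line.strip():
            fields[last] = (fields[last] + " " + line.strip()).strip()
    return fields

def acl_openers(descriptions):
    """Count opens that requested WRITE_DAC/WRITE_OWNER, per (account, object)."""
    hits = Counter()
    for desc in descriptions:
        ev = parse_560(desc)
        if not ACL_RIGHTS & set(ev.get("Accesses", "").split()):
            continue
        # Access over the share names the user in the Client fields; local
        # access leaves them as "-" and the Primary fields name the user.
        side = "Client" if ev.get("Client User Name", "-") != "-" else "Primary"
        who = ev.get(side + " Domain", "-") + "\\" + ev.get(side + " User Name", "-")
        hits[(who, ev.get("Object Name", "-"))] += 1
    return hits
```

A 560 record shows the access requested when the handle was opened, so a hit identifies an account and object worth checking against the Owner and Permissions tabs rather than proving that a change was made.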

s-comps (Author) Commented:
Hi,

Just to keep you informed, we're currently monitoring the situation.

Hopefully more news next week.

s-comps (Author) Commented:
We've tied down the permissions and are auditing the setup.

Thanks for your help, lnkevin.

lnkevin Commented:
You are welcome.

K