s-comps
asked on
Users or Groups in the Security Settings of Folder Share Vanish
Hi,
We've a strange problem here on a Server 2003 for SBS machine.
We've a number of shared folders which are all mapped to the client PC's during log-in.
Intermittantly, access issues appear.
For example today, the Users or Groups in the Security tab of the shared folder have been vanishing.
We've had similar problems before, but thought it was a network issue.
Today, out of the 8 mapped drives, two of them (the most frequently used) have lost the above settings. We can add the group back into the list, reselect 'Allow' full rights and then apply that to all child folders etc. It will rebuild and then we can get access. Then after a period of time (maybe 2 minutes, maybe 20) the sub folders start to deny access, then the main shared folder will deny access.
Checking the Security tab again shows it to be empty.
We've never seen this before and can find no reason for it to happen. It's been doing this on and off for a number of months and sometimes will do it for a while, then stop of 5 or 6 weeks.
(Since this has been happening, we've replaced the hard drives, changed the memory, the cpu and the motherboard. The network swtiches have also been replaced.)
Any help would be appreciated as we're running out of ideas.
Thanks.
We've a strange problem here on a Server 2003 for SBS machine.
We've a number of shared folders which are all mapped to the client PC's during log-in.
Intermittantly, access issues appear.
For example today, the Users or Groups in the Security tab of the shared folder have been vanishing.
We've had similar problems before, but thought it was a network issue.
Today, out of the 8 mapped drives, two of them (the most frequently used) have lost the above settings. We can add the group back into the list, reselect 'Allow' full rights and then apply that to all child folders etc. It will rebuild and then we can get access. Then after a period of time (maybe 2 minutes, maybe 20) the sub folders start to deny access, then the main shared folder will deny access.
Checking the Security tab again shows it to be empty.
We've never seen this before and can find no reason for it to happen. It's been doing this on and off for a number of months and sometimes will do it for a while, then stop of 5 or 6 weeks.
(Since this has been happening, we've replaced the hard drives, changed the memory, the cpu and the motherboard. The network swtiches have also been replaced.)
Any help would be appreciated as we're running out of ideas.
Thanks.
ASKER
Hi,
Many thanks.
When we get to point 3, success and failure are both greyed out.
Any ideas ?
Now going to start a CHKDSK /F
Many thanks.
When we get to point 3, success and failure are both greyed out.
Any ideas ?
Now going to start a CHKDSK /F
Let's try it again after chckdsk /f
The worst case is running windows recovery console to repair the OS. Every attempt should be done after correct errors on the disk with chckdsk.
K
The worst case is running windows recovery console to repair the OS. Every attempt should be done after correct errors on the disk with chckdsk.
K
ASKER
CHKDSK /F has completed with no errors.
The Success and Failure boxes are still greyed out.
Any other ideas?
Thanks.
The Success and Failure boxes are still greyed out.
Any other ideas?
Thanks.
Run recovery console to restore system file. Here is the how to:
http://www.petri.co.il/install_windows_2000_xp_2003_recovery_console.htm
K
http://www.petri.co.il/install_windows_2000_xp_2003_recovery_console.htm
K
ASKER
Hi,
Ok we have recovery Console running. What do you think we should do next ?
Thanks
Ok we have recovery Console running. What do you think we should do next ?
Thanks
When we get to point 3, success and failure are both greyed out...
If this option is not available in your local policy, most of the time, you need to check your GPO (Group Policy) because the local policy will be overwritten by GPO. If this option is disable in GPO, your local will be greyed out.
http://technet2.microsoft.com/windowsserver/en/library/3b5204b3-8b18-4b14-babd-a81532331af61033.mspx?mfr=true
K
If this option is not available in your local policy, most of the time, you need to check your GPO (Group Policy) because the local policy will be overwritten by GPO. If this option is disable in GPO, your local will be greyed out.
http://technet2.microsoft.com/windowsserver/en/library/3b5204b3-8b18-4b14-babd-a81532331af61033.mspx?mfr=true
K
ASKER
Thanks for your help so far.
We can now select the boxes and we are auditing both success and failures (by the main user group) in relation to the two folders in question.
Since starting the audit, I've changed the permissions/access rights for the folders and they've changed back.
There seems to be a lot of audit activity from one of the PC's on the network.
It's a case now of finding which event's are the relevant ones. There are a lot of Event ID 560's which end with - Accesses: Readattributes. These also have a blank 'Image File Name'.
Any pointers on where to start looking?
Once again, many thanks for your help so far. It's very much appreciated.
We can now select the boxes and we are auditing both success and failures (by the main user group) in relation to the two folders in question.
Since starting the audit, I've changed the permissions/access rights for the folders and they've changed back.
There seems to be a lot of audit activity from one of the PC's on the network.
It's a case now of finding which event's are the relevant ones. There are a lot of Event ID 560's which end with - Accesses: Readattributes. These also have a blank 'Image File Name'.
Any pointers on where to start looking?
Once again, many thanks for your help so far. It's very much appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi,
Just to keep you informed, we're currently monitoring the situation.
Hopefully more news next week.
Just to keep you informed, we're currently monitoring the situation.
Hopefully more news next week.
ASKER
We've tied down the permissions and are auditing the setup.
Thanks for your help Inkevin.
Thanks for your help Inkevin.
You are welcome.
K
K
- Create an audit on the folder to ensure no users disturb it. Here is the guide:
1. Go to start -> run -> write gpedit.msc.
2. Navigate to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policy
3. Double click "objects access" and choose success and failure
4. Reboot the computer.
5. On the require directory right click and choose security.
5. Click on Advanced button and then on auditing tab.
6. Add "Everyone" group for tracking.
You can see the audit result in the local machine event log -> security.
- Run chckdsk /f on the partition. Some time, disk error will impact to permission setup.
- Check your GPO to be sure their is no rule set up again this folder or shared folder.
K