• Status: Solved

Group Policy keeps removing IUSR_Computername from a folder's permissions

I am running Trend Micro Antivirus for SMB on a Windows 2003 R2 SP2 server in a native 2003 Active Directory environment. I inherited a very poorly set up Active Directory environment in which the previous sys admin used the default domain policy for all his hacks. The default domain policy seems to remove the IUSR_computername account from the security permission tab on a folder located in the C:\Program Files\Trend Micro\Security Server\PCCSRV\TEMP directory. The IUSR_Computername account needs R/W/Modify permissions to this folder in order for the Trend Security Dashboard to function properly. I re-add the permissions, but every time the policy refreshes it's gone completely. While I can move the server to another OU and block the default domain policy, and then it does not get removed, I would really like to find out what setting is removing it in my default domain policy. Please Help!!!!
1 Solution
Have you checked for entries in File System under Computer Configuration --> Windows Settings --> Security Settings in Group Policy?
ritch578 (Author) Commented:
Yes, I did, but it has so many entries that I think I overlooked the C:/Program Files entry. Will removing this entry stop the local IUSR_computername account from being deleted on my file two directories down from the Program Files directory? Is it normal to have well over a hundred entries in the File system tab for a default domain policy? Example attached in Word file.

I believe the File system entries work like Restricted Groups entries. That is, if there is an entry, ONLY those users or groups specified will be allowed on the ACL/DACL. Removing any entry for that folder will allow you to set permissions on the server manually.

By default there are no entries in there. As a matter of management, I personally prefer not to have all my policies in the default domain policy. I prefer to have descriptive policies. So, it's only normal if that's the way the admin set it up. It's certainly easier to lump everything into one policy.
Question has a verified solution.
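With over a hundred File System entries, searching the policy's security template is quicker than reading the list in the editor. The following is an added example, not code from this thread: it parses the `[File Security]` section of a GPO's `GptTmpl.inf` (assumed already read into a string; the file is normally UTF-16) and lists every entry set on a target folder or one of its parents. The function names, the `ENV` values and the sample template are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Apply-mode field (second column) of a [File Security] line.
MODES = {"0": "propagate inheritable permissions to subfolders and files",
         "1": "do not allow permissions on this object to be replaced",
         "2": "replace existing permissions on subfolders and files"}
# Assumed values for variables used in template paths; adjust per server.
ENV = {"%systemdrive%": "C:", "%programfiles%": r"C:\Program Files",
       "%systemroot%": r"C:\WINDOWS"}
LINE = re.compile(r'^"([^"]+)"\s*,\s*(\d)\s*,\s*"([^"]*)"\s*$')

# Constructed sample template, not taken from the poster's policy.
SAMPLE = r'''[Unicode]
Unicode=yes
[File Security]
"%SystemDrive%\Program Files",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)"
"%SystemRoot%\system32\config",0,"D:P(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"C:\Inetpub",0,"D:PAR(A;OICI;FA;;;BA)"
'''

def expand(path):
    """Expand the %VAR% names listed in ENV (case-insensitive)."""
    return re.sub(r"%[^%]+%",
                  lambda m: ENV.get(m.group(0).lower(), m.group(0)), path)

def file_security_entries(inf_text):
    """Yield (path, mode, sddl) for each [File Security] line."""
    section = None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "file security":
            m = LINE.match(line)
            if m:
                yield expand(m.group(1)), m.group(2), m.group(3)

def entries_covering(inf_text, target):
    """Return entries set on target or any parent folder, nearest first."""
    target = PureWindowsPath(target)  # Windows paths compare case-insensitively
    hits = []
    for path, mode, sddl in file_security_entries(inf_text):
        p = PureWindowsPath(path)
        if p == target or p in target.parents:
            hits.append((path, MODES.get(mode, "unknown mode"), sddl))
    return sorted(hits, key=lambda h: len(PureWindowsPath(h[0]).parts),
                  reverse=True)

if __name__ == "__main__":
    folder = r"C:\Program Files\Trend Micro\Security Server\PCCSRV\TEMP"
    for hit in entries_covering(SAMPLE, folder):
        print(hit)
```

The SDDL string in each hit shows which trustees the policy writes to the folder's DACL, so an account missing from it on a "replace" entry is the one that disappears at refresh.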