Corruption in NTFS Permissions

We have a file server with personal folders for each user, mapped as a drive ("P:\>" as in  "Personal" drive), for each user. There are also folders for each department that are shared by all members of said department, and also mapped as drives ("R":\>"  for dept drive) for each user within that department.

The users that have permission to the folder, as a mapped drive, can see, open & change the files, but can not save them back into the folder they found the file in. the "Access denied"  with the generic MS comment of please make sure the drive is not full ...etc.

I have moved the files across a partition onto another server, (which, in theory should have stripped off the permissions in NTFS drives) I deleted the folder the files originally resided in and created a new folder. I first assigned the "Share" and gave the 2 users full access to the files & folders. I then assigned the security the same way on the "Root" folder (R:\>Marketing) I then set "Inherit permissions....." on the security tab. Last, I moved the files & folders back into the File server (R:\Marketing) folder. We had the same problem???
There are dozens of folders in the root of that "Data drive" that are shared and all shares work fine.
So, hundreds of folders with thousands of files permissions are fine on the same drive, just not this folder.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Moving files and folders moves also the security permissions... if you want the file/dolsers to inherit the permissions of a current folder, copy the files.
Zolly-SimonAuthor Commented:
I always thought that moving files or folders within the same "Patrition" will keep permissions. Moving them across partitions, or drives (in an NTFS file system) will strip the permissions. That is what I was hoping would happen when I moved everything onto another physical server. then back into a different folder with preset permissions??

as far as i know they still keep the same mermissions cross partitions/volumes.. in ntfs... on fat32 that was correct.
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

Zolly-SimonAuthor Commented:

It appears that any - all new folders have the "Access Denied" error when attempting to write to the drive. This has become a major issue.
Zolly-SimonAuthor Commented:
I have just issued a new computer to a user. i mapped his usual drives. he can not write to any of his folders. they have the "read-only" attribute set, when viewed from that new computer. the user then can not remove the read-only setting, "Access Denied"

The common thread is Windows XP Pro "SP3", could this be a "Service Pack 3" issue?
Zolly-SimonAuthor Commented:
Describing the issue here is very difficult.

I read some comments about nltest.exe, re secure channel corruption???but it all poretained to windows NT.

I suspect (now) that my issue here is just that but I am working with a PDC of Windows 2003 Standard Server
and a Windows 2000 advanced server (file server < where issue is most prevelant)

shall I remove that windows 200 adv server from the domain & re-join?
or is my issue at the pdc? if so, what tool do I look for?

I either need to solve this, or prepare my resume, so any help would be paramount .

Thank you

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
have you tried removing the shares and creating them again.? or checking the share permissions?
otherwise you can enable all users have access to the drives and see if this works?
on the server right click the drive in question and add everyone group in security and in shared permissions...
with full access see if the user then can do this...
Otherwise if it just revolves around this one drive/volume if it is a sinlge drive that is the volume replace the drive  if all else fails i guess.
Zolly-SimonAuthor Commented:
ccns, thanx for the suggestion but I now have it fixed. I gave up looking here and called Microsoft. $$$ For some reason, I could not drum up enough interest to get anyone here, to give my problem a real shot. I don't know what I did wrong???

The issue was a lot of little problems rolled up into one large one. Starting at the PDC. I found there was corruption in the secure channel between the PDC and subordinate servers. The support guy was in "Directory services". he flew through the servers, back & forth, like he knew what he was doing. :)

There were local DNS issues that prevented or slowed name resolution, there were gpo issues. group policy was not properly assigned (maybe timed out waiting for dns??) There were "WINS" issues

I can't honestly say  what he did to fix my problem but the more I praised him, his work & how flipping smart he is/was, the more work he did for me.  I practically had him tune up all 5 servers. The guy was a total brain. I wish I knew AD like he does.

BTW, I did all the things you recomended before I asked my question here.
PS, how do I generate more interest here on my questions ... or was my question/problem too complex in nature ???

Zolly-SimonAuthor Commented:
I received this from the support person at Microsoft. I thought it should be posted (even though this question is closed) I hope the $300.00 I spent at Microsoft will help the next person resolve their issue, or at least point them in the right direction . (again, Please let me know what I did wrong as far as far as soliciting the attention of those that could help me resolve this issue)


Security Permissions issue  Access is denied while trying to create a new folder on a share via mapped drive.

Unable to create New folder

"Access is Denied"


CAUSE: SMB signing settings


Removed ISP IP address from alternate DNS from TCP/IP on Domain controllers it was already added in the forwarders list

Enabled NetBIOS over TCP/IP on (PDC server name)

Ran command on both DCs (PDC & BDC)

ipconfig /flushdns & net stop netlogon & net start netlogon & ipconfig /registerdns & nbtstat -rr

Set SMB signing via GPO Default domain controller policy on GREATSLAVE DC as the SMB settings were not in match.

Computer Configuration\Windows Settings\Security settings\Local Policies\Security Options

Microsoft networks client-Digitally sign communication(Always) -Disabled

Microsoft networks client-Digitally sign communication(if server agrees) -Enabled

Microsoft networks server-Digitally sign communication(Always) -Disabled

Microsoft networks server-Digitally sign communication(if client agrees) -Enabled

Disconnected the map drive and reconnected it.

User was able to create a folder in the share via the mapped drive.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Management

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.