Solved

Corruption in NTFS Permissions

Posted on 2008-10-16
9
573 Views
Last Modified: 2012-05-05
We have a file server with personal folders for each user, mapped as a drive ("P:\>" as in  "Personal" drive), for each user. There are also folders for each department that are shared by all members of said department, and also mapped as drives ("R":\>"  for dept drive) for each user within that department.

The users that have permission to the folder, as a mapped drive, can see, open & change the files, but can not save them back into the folder they found the file in. the error..is "Access denied"  with the generic MS comment of please make sure the drive is not full ...etc.

I have moved the files across a partition onto another server, (which, in theory should have stripped off the permissions in NTFS drives) I deleted the folder the files originally resided in and created a new folder. I first assigned the "Share" and gave the 2 users full access to the files & folders. I then assigned the security the same way on the "Root" folder (R:\>Marketing) I then set "Inherit permissions....." on the security tab. Last, I moved the files & folders back into the File server (R:\Marketing) folder. We had the same problem???
There are dozens of folders in the root of that "Data drive" that are shared and all shares work fine.
So, hundreds of folders with thousands of files permissions are fine on the same drive, just not this folder.
0
Comment
Question by:Zolly-Simon
  • 6
  • 3
9 Comments
 
LVL 5

Expert Comment

by:ccns
ID: 22735790
Moving files and folders moves also the security permissions... if you want the file/dolsers to inherit the permissions of a current folder, copy the files.
0
 

Author Comment

by:Zolly-Simon
ID: 22735867
ccns,
I always thought that moving files or folders within the same "Patrition" will keep permissions. Moving them across partitions, or drives (in an NTFS file system) will strip the permissions. That is what I was hoping would happen when I moved everything onto another physical server. then back into a different folder with preset permissions??

Thanks
0
 
LVL 5

Expert Comment

by:ccns
ID: 22735902
as far as i know they still keep the same mermissions cross partitions/volumes.. in ntfs... on fat32 that was correct.
0
 

Author Comment

by:Zolly-Simon
ID: 22741627
Update,

It appears that any - all new folders have the "Access Denied" error when attempting to write to the drive. This has become a major issue.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:Zolly-Simon
ID: 22746820
I have just issued a new computer to a user. i mapped his usual drives. he can not write to any of his folders. they have the "read-only" attribute set, when viewed from that new computer. the user then can not remove the read-only setting, "Access Denied"

The common thread is Windows XP Pro "SP3", could this be a "Service Pack 3" issue?
0
 

Accepted Solution

by:
Zolly-Simon earned 0 total points
ID: 22788258
Describing the issue here is very difficult.

I read some comments about nltest.exe, re secure channel corruption???but it all poretained to windows NT.

I suspect (now) that my issue here is just that but I am working with a PDC of Windows 2003 Standard Server
and a Windows 2000 advanced server (file server < where issue is most prevelant)

shall I remove that windows 200 adv server from the domain & re-join?
or is my issue at the pdc? if so, what tool do I look for?

I either need to solve this, or prepare my resume, so any help would be paramount .

Thank you
0
 
LVL 5

Expert Comment

by:ccns
ID: 22817618
have you tried removing the shares and creating them again.? or checking the share permissions?
otherwise you can enable all users have access to the drives and see if this works?
on the server right click the drive in question and add everyone group in security and in shared permissions...
with full access see if the user then can do this...
Otherwise if it just revolves around this one drive/volume if it is a sinlge drive that is the volume replace the drive  if all else fails i guess.
0
 

Author Comment

by:Zolly-Simon
ID: 22817840
ccns, thanx for the suggestion but I now have it fixed. I gave up looking here and called Microsoft. $$$ For some reason, I could not drum up enough interest to get anyone here, to give my problem a real shot. I don't know what I did wrong???

The issue was a lot of little problems rolled up into one large one. Starting at the PDC. I found there was corruption in the secure channel between the PDC and subordinate servers. The support guy was in "Directory services". he flew through the servers, back & forth, like he knew what he was doing. :)

There were local DNS issues that prevented or slowed name resolution, there were gpo issues. group policy was not properly assigned (maybe timed out waiting for dns??) There were "WINS" issues

I can't honestly say  what he did to fix my problem but the more I praised him, his work & how flipping smart he is/was, the more work he did for me.  I practically had him tune up all 5 servers. The guy was a total brain. I wish I knew AD like he does.

BTW, I did all the things you recomended before I asked my question here.
PS, how do I generate more interest here on my questions ... or was my question/problem too complex in nature ???

Thanks
0
 

Author Comment

by:Zolly-Simon
ID: 22832859
I received this from the support person at Microsoft. I thought it should be posted (even though this question is closed) I hope the $300.00 I spent at Microsoft will help the next person resolve their issue, or at least point them in the right direction . (again, Please let me know what I did wrong as far as far as soliciting the attention of those that could help me resolve this issue)

PROBLEM:

Security Permissions issue  Access is denied while trying to create a new folder on a share via mapped drive.

Unable to create New folder

"Access is Denied"

 

CAUSE: SMB signing settings

RESOLUTION:

Removed ISP IP address from alternate DNS from TCP/IP on Domain controllers it was already added in the forwarders list

Enabled NetBIOS over TCP/IP on (PDC server name)

Ran command on both DCs (PDC & BDC)

ipconfig /flushdns & net stop netlogon & net start netlogon & ipconfig /registerdns & nbtstat -rr

Set SMB signing via GPO Default domain controller policy on GREATSLAVE DC as the SMB settings were not in match.

Computer Configuration\Windows Settings\Security settings\Local Policies\Security Options

Microsoft networks client-Digitally sign communication(Always) -Disabled

Microsoft networks client-Digitally sign communication(if server agrees) -Enabled

Microsoft networks server-Digitally sign communication(Always) -Disabled

Microsoft networks server-Digitally sign communication(if client agrees) -Enabled

Disconnected the map drive and reconnected it.

User was able to create a folder in the share via the mapped drive.

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now