Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Corruption in NTFS Permissions

Posted on 2008-10-16
Medium Priority
Last Modified: 2012-05-05
We have a file server with personal folders for each user, mapped as a drive ("P:\>" as in  "Personal" drive), for each user. There are also folders for each department that are shared by all members of said department, and also mapped as drives ("R":\>"  for dept drive) for each user within that department.

The users that have permission to the folder, as a mapped drive, can see, open & change the files, but can not save them back into the folder they found the file in. the error..is "Access denied"  with the generic MS comment of please make sure the drive is not full ...etc.

I have moved the files across a partition onto another server, (which, in theory should have stripped off the permissions in NTFS drives) I deleted the folder the files originally resided in and created a new folder. I first assigned the "Share" and gave the 2 users full access to the files & folders. I then assigned the security the same way on the "Root" folder (R:\>Marketing) I then set "Inherit permissions....." on the security tab. Last, I moved the files & folders back into the File server (R:\Marketing) folder. We had the same problem???
There are dozens of folders in the root of that "Data drive" that are shared and all shares work fine.
So, hundreds of folders with thousands of files permissions are fine on the same drive, just not this folder.
Question by:Zolly-Simon
  • 6
  • 3

Expert Comment

ID: 22735790
Moving files and folders moves also the security permissions... if you want the file/dolsers to inherit the permissions of a current folder, copy the files.

Author Comment

ID: 22735867
I always thought that moving files or folders within the same "Patrition" will keep permissions. Moving them across partitions, or drives (in an NTFS file system) will strip the permissions. That is what I was hoping would happen when I moved everything onto another physical server. then back into a different folder with preset permissions??


Expert Comment

ID: 22735902
as far as i know they still keep the same mermissions cross partitions/volumes.. in ntfs... on fat32 that was correct.
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!


Author Comment

ID: 22741627

It appears that any - all new folders have the "Access Denied" error when attempting to write to the drive. This has become a major issue.

Author Comment

ID: 22746820
I have just issued a new computer to a user. i mapped his usual drives. he can not write to any of his folders. they have the "read-only" attribute set, when viewed from that new computer. the user then can not remove the read-only setting, "Access Denied"

The common thread is Windows XP Pro "SP3", could this be a "Service Pack 3" issue?

Accepted Solution

Zolly-Simon earned 0 total points
ID: 22788258
Describing the issue here is very difficult.

I read some comments about nltest.exe, re secure channel corruption???but it all poretained to windows NT.

I suspect (now) that my issue here is just that but I am working with a PDC of Windows 2003 Standard Server
and a Windows 2000 advanced server (file server < where issue is most prevelant)

shall I remove that windows 200 adv server from the domain & re-join?
or is my issue at the pdc? if so, what tool do I look for?

I either need to solve this, or prepare my resume, so any help would be paramount .

Thank you

Expert Comment

ID: 22817618
have you tried removing the shares and creating them again.? or checking the share permissions?
otherwise you can enable all users have access to the drives and see if this works?
on the server right click the drive in question and add everyone group in security and in shared permissions...
with full access see if the user then can do this...
Otherwise if it just revolves around this one drive/volume if it is a sinlge drive that is the volume replace the drive  if all else fails i guess.

Author Comment

ID: 22817840
ccns, thanx for the suggestion but I now have it fixed. I gave up looking here and called Microsoft. $$$ For some reason, I could not drum up enough interest to get anyone here, to give my problem a real shot. I don't know what I did wrong???

The issue was a lot of little problems rolled up into one large one. Starting at the PDC. I found there was corruption in the secure channel between the PDC and subordinate servers. The support guy was in "Directory services". he flew through the servers, back & forth, like he knew what he was doing. :)

There were local DNS issues that prevented or slowed name resolution, there were gpo issues. group policy was not properly assigned (maybe timed out waiting for dns??) There were "WINS" issues

I can't honestly say  what he did to fix my problem but the more I praised him, his work & how flipping smart he is/was, the more work he did for me.  I practically had him tune up all 5 servers. The guy was a total brain. I wish I knew AD like he does.

BTW, I did all the things you recomended before I asked my question here.
PS, how do I generate more interest here on my questions ... or was my question/problem too complex in nature ???


Author Comment

ID: 22832859
I received this from the support person at Microsoft. I thought it should be posted (even though this question is closed) I hope the $300.00 I spent at Microsoft will help the next person resolve their issue, or at least point them in the right direction . (again, Please let me know what I did wrong as far as far as soliciting the attention of those that could help me resolve this issue)


Security Permissions issue  Access is denied while trying to create a new folder on a share via mapped drive.

Unable to create New folder

"Access is Denied"


CAUSE: SMB signing settings


Removed ISP IP address from alternate DNS from TCP/IP on Domain controllers it was already added in the forwarders list

Enabled NetBIOS over TCP/IP on (PDC server name)

Ran command on both DCs (PDC & BDC)

ipconfig /flushdns & net stop netlogon & net start netlogon & ipconfig /registerdns & nbtstat -rr

Set SMB signing via GPO Default domain controller policy on GREATSLAVE DC as the SMB settings were not in match.

Computer Configuration\Windows Settings\Security settings\Local Policies\Security Options

Microsoft networks client-Digitally sign communication(Always) -Disabled

Microsoft networks client-Digitally sign communication(if server agrees) -Enabled

Microsoft networks server-Digitally sign communication(Always) -Disabled

Microsoft networks server-Digitally sign communication(if client agrees) -Enabled

Disconnected the map drive and reconnected it.

User was able to create a folder in the share via the mapped drive.


Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question