Corruption in NTFS Permissions

Posted on 2008-10-16
Medium Priority
Last Modified: 2012-05-05
We have a file server with personal folders for each user, mapped as a drive ("P:\>" as in  "Personal" drive), for each user. There are also folders for each department that are shared by all members of said department, and also mapped as drives ("R":\>"  for dept drive) for each user within that department.

The users that have permission to the folder, as a mapped drive, can see, open & change the files, but can not save them back into the folder they found the file in. the error..is "Access denied"  with the generic MS comment of please make sure the drive is not full ...etc.

I have moved the files across a partition onto another server, (which, in theory should have stripped off the permissions in NTFS drives) I deleted the folder the files originally resided in and created a new folder. I first assigned the "Share" and gave the 2 users full access to the files & folders. I then assigned the security the same way on the "Root" folder (R:\>Marketing) I then set "Inherit permissions....." on the security tab. Last, I moved the files & folders back into the File server (R:\Marketing) folder. We had the same problem???
There are dozens of folders in the root of that "Data drive" that are shared and all shares work fine.
So, hundreds of folders with thousands of files permissions are fine on the same drive, just not this folder.
Question by:Zolly-Simon
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3

Expert Comment

ID: 22735790
Moving files and folders moves also the security permissions... if you want the file/dolsers to inherit the permissions of a current folder, copy the files.

Author Comment

ID: 22735867
I always thought that moving files or folders within the same "Patrition" will keep permissions. Moving them across partitions, or drives (in an NTFS file system) will strip the permissions. That is what I was hoping would happen when I moved everything onto another physical server. then back into a different folder with preset permissions??


Expert Comment

ID: 22735902
as far as i know they still keep the same mermissions cross partitions/volumes.. in ntfs... on fat32 that was correct.

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.


Author Comment

ID: 22741627

It appears that any - all new folders have the "Access Denied" error when attempting to write to the drive. This has become a major issue.

Author Comment

ID: 22746820
I have just issued a new computer to a user. i mapped his usual drives. he can not write to any of his folders. they have the "read-only" attribute set, when viewed from that new computer. the user then can not remove the read-only setting, "Access Denied"

The common thread is Windows XP Pro "SP3", could this be a "Service Pack 3" issue?

Accepted Solution

Zolly-Simon earned 0 total points
ID: 22788258
Describing the issue here is very difficult.

I read some comments about nltest.exe, re secure channel corruption???but it all poretained to windows NT.

I suspect (now) that my issue here is just that but I am working with a PDC of Windows 2003 Standard Server
and a Windows 2000 advanced server (file server < where issue is most prevelant)

shall I remove that windows 200 adv server from the domain & re-join?
or is my issue at the pdc? if so, what tool do I look for?

I either need to solve this, or prepare my resume, so any help would be paramount .

Thank you

Expert Comment

ID: 22817618
have you tried removing the shares and creating them again.? or checking the share permissions?
otherwise you can enable all users have access to the drives and see if this works?
on the server right click the drive in question and add everyone group in security and in shared permissions...
with full access see if the user then can do this...
Otherwise if it just revolves around this one drive/volume if it is a sinlge drive that is the volume replace the drive  if all else fails i guess.

Author Comment

ID: 22817840
ccns, thanx for the suggestion but I now have it fixed. I gave up looking here and called Microsoft. $$$ For some reason, I could not drum up enough interest to get anyone here, to give my problem a real shot. I don't know what I did wrong???

The issue was a lot of little problems rolled up into one large one. Starting at the PDC. I found there was corruption in the secure channel between the PDC and subordinate servers. The support guy was in "Directory services". he flew through the servers, back & forth, like he knew what he was doing. :)

There were local DNS issues that prevented or slowed name resolution, there were gpo issues. group policy was not properly assigned (maybe timed out waiting for dns??) There were "WINS" issues

I can't honestly say  what he did to fix my problem but the more I praised him, his work & how flipping smart he is/was, the more work he did for me.  I practically had him tune up all 5 servers. The guy was a total brain. I wish I knew AD like he does.

BTW, I did all the things you recomended before I asked my question here.
PS, how do I generate more interest here on my questions ... or was my question/problem too complex in nature ???


Author Comment

ID: 22832859
I received this from the support person at Microsoft. I thought it should be posted (even though this question is closed) I hope the $300.00 I spent at Microsoft will help the next person resolve their issue, or at least point them in the right direction . (again, Please let me know what I did wrong as far as far as soliciting the attention of those that could help me resolve this issue)


Security Permissions issue  Access is denied while trying to create a new folder on a share via mapped drive.

Unable to create New folder

"Access is Denied"


CAUSE: SMB signing settings


Removed ISP IP address from alternate DNS from TCP/IP on Domain controllers it was already added in the forwarders list

Enabled NetBIOS over TCP/IP on (PDC server name)

Ran command on both DCs (PDC & BDC)

ipconfig /flushdns & net stop netlogon & net start netlogon & ipconfig /registerdns & nbtstat -rr

Set SMB signing via GPO Default domain controller policy on GREATSLAVE DC as the SMB settings were not in match.

Computer Configuration\Windows Settings\Security settings\Local Policies\Security Options

Microsoft networks client-Digitally sign communication(Always) -Disabled

Microsoft networks client-Digitally sign communication(if server agrees) -Enabled

Microsoft networks server-Digitally sign communication(Always) -Disabled

Microsoft networks server-Digitally sign communication(if client agrees) -Enabled

Disconnected the map drive and reconnected it.

User was able to create a folder in the share via the mapped drive.


Featured Post

ATEN's HDBaseT Presentation at InfoComm 2017

Hear ATEN Product Manager YT Liang review HDBaseT technology, highlighting ATEN’s latest solutions as they relate to real-world applications during her presentation at the HDBaseT booth at InfoComm 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transparency shows that a company is the kind of business that it wants people to think it is.
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question