Corruption in NTFS Permissions

Posted on 2008-10-16
Last Modified: 2012-05-05
We have a file server with personal folders for each user, mapped as a drive ("P:\>" as in  "Personal" drive), for each user. There are also folders for each department that are shared by all members of said department, and also mapped as drives ("R":\>"  for dept drive) for each user within that department.

The users that have permission to the folder, as a mapped drive, can see, open & change the files, but can not save them back into the folder they found the file in. the "Access denied"  with the generic MS comment of please make sure the drive is not full ...etc.

I have moved the files across a partition onto another server, (which, in theory should have stripped off the permissions in NTFS drives) I deleted the folder the files originally resided in and created a new folder. I first assigned the "Share" and gave the 2 users full access to the files & folders. I then assigned the security the same way on the "Root" folder (R:\>Marketing) I then set "Inherit permissions....." on the security tab. Last, I moved the files & folders back into the File server (R:\Marketing) folder. We had the same problem???
There are dozens of folders in the root of that "Data drive" that are shared and all shares work fine.
So, hundreds of folders with thousands of files permissions are fine on the same drive, just not this folder.
Question by:Zolly-Simon
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3

Expert Comment

ID: 22735790
Moving files and folders moves also the security permissions... if you want the file/dolsers to inherit the permissions of a current folder, copy the files.

Author Comment

ID: 22735867
I always thought that moving files or folders within the same "Patrition" will keep permissions. Moving them across partitions, or drives (in an NTFS file system) will strip the permissions. That is what I was hoping would happen when I moved everything onto another physical server. then back into a different folder with preset permissions??


Expert Comment

ID: 22735902
as far as i know they still keep the same mermissions cross partitions/volumes.. in ntfs... on fat32 that was correct.
Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!


Author Comment

ID: 22741627

It appears that any - all new folders have the "Access Denied" error when attempting to write to the drive. This has become a major issue.

Author Comment

ID: 22746820
I have just issued a new computer to a user. i mapped his usual drives. he can not write to any of his folders. they have the "read-only" attribute set, when viewed from that new computer. the user then can not remove the read-only setting, "Access Denied"

The common thread is Windows XP Pro "SP3", could this be a "Service Pack 3" issue?

Accepted Solution

Zolly-Simon earned 0 total points
ID: 22788258
Describing the issue here is very difficult.

I read some comments about nltest.exe, re secure channel corruption???but it all poretained to windows NT.

I suspect (now) that my issue here is just that but I am working with a PDC of Windows 2003 Standard Server
and a Windows 2000 advanced server (file server < where issue is most prevelant)

shall I remove that windows 200 adv server from the domain & re-join?
or is my issue at the pdc? if so, what tool do I look for?

I either need to solve this, or prepare my resume, so any help would be paramount .

Thank you

Expert Comment

ID: 22817618
have you tried removing the shares and creating them again.? or checking the share permissions?
otherwise you can enable all users have access to the drives and see if this works?
on the server right click the drive in question and add everyone group in security and in shared permissions...
with full access see if the user then can do this...
Otherwise if it just revolves around this one drive/volume if it is a sinlge drive that is the volume replace the drive  if all else fails i guess.

Author Comment

ID: 22817840
ccns, thanx for the suggestion but I now have it fixed. I gave up looking here and called Microsoft. $$$ For some reason, I could not drum up enough interest to get anyone here, to give my problem a real shot. I don't know what I did wrong???

The issue was a lot of little problems rolled up into one large one. Starting at the PDC. I found there was corruption in the secure channel between the PDC and subordinate servers. The support guy was in "Directory services". he flew through the servers, back & forth, like he knew what he was doing. :)

There were local DNS issues that prevented or slowed name resolution, there were gpo issues. group policy was not properly assigned (maybe timed out waiting for dns??) There were "WINS" issues

I can't honestly say  what he did to fix my problem but the more I praised him, his work & how flipping smart he is/was, the more work he did for me.  I practically had him tune up all 5 servers. The guy was a total brain. I wish I knew AD like he does.

BTW, I did all the things you recomended before I asked my question here.
PS, how do I generate more interest here on my questions ... or was my question/problem too complex in nature ???


Author Comment

ID: 22832859
I received this from the support person at Microsoft. I thought it should be posted (even though this question is closed) I hope the $300.00 I spent at Microsoft will help the next person resolve their issue, or at least point them in the right direction . (again, Please let me know what I did wrong as far as far as soliciting the attention of those that could help me resolve this issue)


Security Permissions issue  Access is denied while trying to create a new folder on a share via mapped drive.

Unable to create New folder

"Access is Denied"


CAUSE: SMB signing settings


Removed ISP IP address from alternate DNS from TCP/IP on Domain controllers it was already added in the forwarders list

Enabled NetBIOS over TCP/IP on (PDC server name)

Ran command on both DCs (PDC & BDC)

ipconfig /flushdns & net stop netlogon & net start netlogon & ipconfig /registerdns & nbtstat -rr

Set SMB signing via GPO Default domain controller policy on GREATSLAVE DC as the SMB settings were not in match.

Computer Configuration\Windows Settings\Security settings\Local Policies\Security Options

Microsoft networks client-Digitally sign communication(Always) -Disabled

Microsoft networks client-Digitally sign communication(if server agrees) -Enabled

Microsoft networks server-Digitally sign communication(Always) -Disabled

Microsoft networks server-Digitally sign communication(if client agrees) -Enabled

Disconnected the map drive and reconnected it.

User was able to create a folder in the share via the mapped drive.


Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A Wildcard Certificate means all of your sub-domains will resolve to the same location, regardless of the non-SSL Document-Root specification. A user will need to purchase a wildcard SSL from a vendor or a reseller that supplies them. Similar to ha…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question