Faulty Inherited Permissions Problem -

Posted on 2009-04-27
Last Modified: 2012-05-06
I have a user on a Windows 2003 domain that is showing them as having inherited read & execute permissions on a lower level sud-directorty on a data server.  The permissions show as being inherited from from 'Parent Object'.  Other group based inherited permissions for that folder for other users are correctly oming down from the root of the drive.  What is strange is that this user does not have any specific permissions set at any higher level - so where are the rogue permissions coming from ?
Question by:cmdown
    LVL 40

    Accepted Solution

    I've actually had this before 'cmdown'. What I had to do is to uncheck the "Inherit parent permissions..." option in the Advanced settings area under the Security tab, then re-check that option. That resolved this issue for me.

    Let me know how it goes.

    LVL 1

    Author Comment

    Hi coolsport

    When I uncheck this it will ask me what to do with the permissions - copy or remove.  We have almost 100,000 files below the higher level folder containg the 'faulty permission'.  Can you advise on the imiplications of copying the permissions, then specifically removing the faulty user permissions and then reapplying the inherit option for the folder and all subfolders
    LVL 40

    Assisted Solution

    Make sure you notice what permissions are set, just in case you need to re-add any at this folder level. If all your permissions are inherited, then there shouldn't be any implications. What you would want to do is select REMOVE. This will just simply remove all inherited permissions from parent folder(s). Once you reselect the Inherit option, it will re-inherit the permissions and all should be as it was and, theoretically, withOUT the faulty permission.

    LVL 18

    Expert Comment

    "What is strange is that this user does not have any specific permissions set at any higher level - so where are the rogue permissions coming from ?"

    Does this user belong to any of the groups assigned inheritance permission from the parent folder? Or what exact permission is granted to this user at the question folder or is it just assigned "special" permission on the bottom?
    LVL 1

    Author Comment

    The user is granted read+execute, read & list folder contents.  All 3 show as inherited.
    If you go into advanced properties it just shows read+execute as being inherited from 'Parent Object'.

    All other inherited permissions for users, creater-owner etc are inherited from the root of the drive.
    LVL 1

    Author Closing Comment

    Thanks Guys.  Found a few other odd inherited permissions.  Suspect that the problem has arisen when migrating earlier in the year from an old RM server.  This seems to have fixed the problem but as it affected over 1,200 users it was a bit concern over whether to actually push the button and make the change !

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Suggested Solutions

    As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
    Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    25 Experts available now in Live!

    Get 1:1 Help Now