Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3411
  • Last Modified:

Error Applying Security - Access denied when choosing to 'replace owner on subcontainers and objects'

Applies to 2008 R2.

Over the past few days I have been having issues propagating permissions on a file share from my file server.  When ownership of the parent folder is propagated to all subfolders and files, errors occur with a ‘access is denied error’.  This is cruicial because ownership needs to propagate in order for us to apply new ntfs permissions for users.  

Permissions are setup in this way on the parent folder:  

NTFS:  Drive Change (group)  - Change permissions
            Domain Admins – Full Control

OWNER: Domain Admins

When propagating the OWNER permissions multiple ‘access is denied’ messages appear for multiple sub directories that are not named.
When propagating the NTFS permissions the above is true also.

When checking at least 20 of the first generation of subfolders it is true that they are set to inherit from parent object.

Nothing that I am aware of has changed recently and am not aware of any other directories experiencing this.  Please find attached screenshot.

Many thanks.

applying-perms.jpg
0
owenlloyd
Asked:
owenlloyd
  • 4
  • 2
1 Solution
 
theruckCommented:
have you tried to set the permissions locally on the fs of the server or is it some small NAS device with linux you are trying to set the permissions on?
0
 
owenlloydAuthor Commented:
Hi theruck, thank you for your reply.  The folder resides on local hard drive storage.
0
 
theruckCommented:
than i would run checkdisk on that drive first then try it again

any chance tha the folder depth is over 254 characters?
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
owenlloydAuthor Commented:
Okay, I've just honed in on one of the first generation subfolders that wasnt propagating.

Share
          Parent
                     First generation subfolder

>Tried applying the owenership again to subfolders and objects from this folder.

The same error (one  for each object which failed to propagate).  

Honing in on one of the mentioned files which happens to be an xls (files are mixed), found at the 3rd generation of subfolders.

Share
          Parent
                     First generation subfolder
                                 Second generation subfolder
                                             Third generation subfolder
                                                      .XLS

I checked all of the subfolders down to the XLS and they are all inheriting from parent.
I then checked the XLS itself and this was not inheriting from parent, hence it's ownership was not shown and access was denied.

I would like to run a checkdisk, but uptime is crucial at the moment and this would have to be scheduled in.  I have checked every file within the all of these generations and they appear to be under 256 characters.

Taking ownership of the XLS worked and re-applying at the parent above it propagated.
There are simply far too many files and subdirectories in this share to be able to find all of the troublesome files/folders and manually take ownership of them!  Even if I wanted to the windows error clips the UNC path/filename so you dont know exactly where it is!
0
 
Netman66Commented:
You can use SUBINACL in a script to brute-force the ownership.

http://www.robvanderwoude.com/subinacl.php

Run the script targetting the Parent and simply do a recursive read/repair.

0
 
owenlloydAuthor Commented:
It turns out the ownership on child folders were lost due to a previous filestore migration.  Unfortunately the subinacl tool failed to set the new owner.  Folders will have to be manually taken ownership of.
0
 
owenlloydAuthor Commented:
Only alternative available to correct problem, but long winded.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now