Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Windows server folder permissions; to reboot or not to reboot!

Posted on 2012-09-11
Medium Priority
Last Modified: 2012-09-16
Hey All,

I'm hoping someone can provide some technical backgroud to Windows erver file permissions; specifically when a reboot is necessary for the client vs when its not and why.

So, pretend i've got a windows 2008 file server and windows 7 clients.

       Scenario 1:
      -I create new folder share "Share1" on FS1 (file server1)
      -I give the user modify access by account the users account directly to the folder.
      -They type \\fs1\share1 and they can get there without a reboot

       Scenario 2
      -I create new folder share "Share1" on FS1 (file server1)
      -I create a global security group called "fs1 - Share1" and add the user to this group
      -I give the global secutiy group I created modify access to the folder "Share1" .
      -They type \\fs1\share1 and they CAN'T get there without a reboot

       Scenario 3 & 4
      - Every statement is the same except that instead of a share, its just a subfolder    under a share that everyone only has
(List       Folder/Read)
(Read Extended Attributes)
(Read Attributes)
(Read Permissions)
NTFS rights to the top level only. Subfolders need explicit rights to view and modify, etc. But the behavior is duplicated wehn adding user directly to folder vs adding the user to a group then adding the group to a folder.

If anyone can explain the technical details of when a reboot is necessary vs when its not or point me to some cool articles, I would appreciate it very much. I can create and manage a file server, but i'd like to be able to understand the nitty gritty, ya know?  :)  

thanks erveryone!
Question by:-JT
LVL 57

Accepted Solution

Mike Kline earned 1050 total points
ID: 38389478
Reboot is not necessary (although that works too) but the user will need to log off and log back off when you use a group on the ACL.  The user needs to update his/her token and that happens at logon.

You can see what groups the user is a member of whoami /groups

So you add user to the group make sure it has replicated have them log off and back on and they should have access.

The reason it is not needed when you add them directly is because the token doesn't have to be updated.

...FYI I know some folks will tell the users to reboot just to make sure replication has happened.



Author Comment

ID: 38404291
OK, thanks for verifying that groups vs direct addition is different. I wasn't entirely sure. :)  
I do tend to tell users just to reboot to make sure they really do it as opposed to just locking and unlocking their PC. :P
Do tokens not play any part in certain situation where a user is accessing a resource? Now that you've confirmed for me the difference exists, i'd like to find out the exact process of why. do you happen to know?

thanks for the reply btw!

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question