Solved

NTFS Permission Changes Cause Loss of File Access

Posted on 2013-06-12
1
640 Views
Last Modified: 2013-06-12
I need to repermission some folders that are presently inherting permissions from a parent level.  I need to disable inheritance, and assign a new security group that only they have access to this folder and subfolders/files.

For Example.

D:\Share\Secure

Security proprties on Secure are presently set to:

CREATOR OWNER - Special - Inherited from Share - Subfolders and files only
SYSTEM - Full control- Inherited from Share - Folder, Subfolder, Files
Domain Admins - Full Control - Inherited from Share - Folder, Subfolder, Files
Domain Users - Modify - Inherited from Share - Folder, Subfolder, Files

I want to have it so the Secure folder is only accessible by a new Security group I created called Secure_Access

When I go to edit the Advanced Security Settings for Secure, I uncheck Include inheritable permissions from this objects parent, and select the copy option.

However, I have an issue when a user who is already a member of Domain Users group, and I also added them as a member of the Secure_Access group are already within the Secure folder and are working with files and have them open, when I remove the Domain Users group from accessing the Secure folder and items within it, they get denied access.  

How is this the case, when the permissions they are re-assigned are the same, just part of a different group?

Would they need to be completely out of the Secure folder (check open connections on shares) in order for the permissions to apply without issue?  Also, will they need to log out of their PCs at all when this change occurs, or are these permission changes immediate (which I imagine they are, but I've had instances where I changed them, and they didn't go into effect until a logout/reboot)

Thanks.
0
Comment
Question by:fireguy1125
1 Comment
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 39242174
An NTFS permission change does not require a re-logon (as you noticed when the users were denied access while you were changing permissions).
A change in group membership, though, does require the user to log out and back in, because the security token that contains his group membership will only be refreshed during logon.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now