Solved

NTFS Permission Changes Cause Loss of File Access

Posted on 2013-06-12
1
645 Views
Last Modified: 2013-06-12
I need to repermission some folders that are presently inherting permissions from a parent level.  I need to disable inheritance, and assign a new security group that only they have access to this folder and subfolders/files.

For Example.

D:\Share\Secure

Security proprties on Secure are presently set to:

CREATOR OWNER - Special - Inherited from Share - Subfolders and files only
SYSTEM - Full control- Inherited from Share - Folder, Subfolder, Files
Domain Admins - Full Control - Inherited from Share - Folder, Subfolder, Files
Domain Users - Modify - Inherited from Share - Folder, Subfolder, Files

I want to have it so the Secure folder is only accessible by a new Security group I created called Secure_Access

When I go to edit the Advanced Security Settings for Secure, I uncheck Include inheritable permissions from this objects parent, and select the copy option.

However, I have an issue when a user who is already a member of Domain Users group, and I also added them as a member of the Secure_Access group are already within the Secure folder and are working with files and have them open, when I remove the Domain Users group from accessing the Secure folder and items within it, they get denied access.  

How is this the case, when the permissions they are re-assigned are the same, just part of a different group?

Would they need to be completely out of the Secure folder (check open connections on shares) in order for the permissions to apply without issue?  Also, will they need to log out of their PCs at all when this change occurs, or are these permission changes immediate (which I imagine they are, but I've had instances where I changed them, and they didn't go into effect until a logout/reboot)

Thanks.
0
Comment
Question by:fireguy1125
1 Comment
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 39242174
An NTFS permission change does not require a re-logon (as you noticed when the users were denied access while you were changing permissions).
A change in group membership, though, does require the user to log out and back in, because the security token that contains his group membership will only be refreshed during logon.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question