[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

NTFS Permission Changes Cause Loss of File Access

Posted on 2013-06-12
1
Medium Priority
?
664 Views
Last Modified: 2013-06-12
I need to repermission some folders that are presently inherting permissions from a parent level.  I need to disable inheritance, and assign a new security group that only they have access to this folder and subfolders/files.

For Example.

D:\Share\Secure

Security proprties on Secure are presently set to:

CREATOR OWNER - Special - Inherited from Share - Subfolders and files only
SYSTEM - Full control- Inherited from Share - Folder, Subfolder, Files
Domain Admins - Full Control - Inherited from Share - Folder, Subfolder, Files
Domain Users - Modify - Inherited from Share - Folder, Subfolder, Files

I want to have it so the Secure folder is only accessible by a new Security group I created called Secure_Access

When I go to edit the Advanced Security Settings for Secure, I uncheck Include inheritable permissions from this objects parent, and select the copy option.

However, I have an issue when a user who is already a member of Domain Users group, and I also added them as a member of the Secure_Access group are already within the Secure folder and are working with files and have them open, when I remove the Domain Users group from accessing the Secure folder and items within it, they get denied access.  

How is this the case, when the permissions they are re-assigned are the same, just part of a different group?

Would they need to be completely out of the Secure folder (check open connections on shares) in order for the permissions to apply without issue?  Also, will they need to log out of their PCs at all when this change occurs, or are these permission changes immediate (which I imagine they are, but I've had instances where I changed them, and they didn't go into effect until a logout/reboot)

Thanks.
0
Comment
Question by:fireguy1125
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 39242174
An NTFS permission change does not require a re-logon (as you noticed when the users were denied access while you were changing permissions).
A change in group membership, though, does require the user to log out and back in, because the security token that contains his group membership will only be refreshed during logon.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question