fireguy1125
asked on
NTFS Permission Changes Cause Loss of File Access
I need to repermission some folders that are presently inherting permissions from a parent level. I need to disable inheritance, and assign a new security group that only they have access to this folder and subfolders/files.
For Example.
D:\Share\Secure
Security proprties on Secure are presently set to:
CREATOR OWNER - Special - Inherited from Share - Subfolders and files only
SYSTEM - Full control- Inherited from Share - Folder, Subfolder, Files
Domain Admins - Full Control - Inherited from Share - Folder, Subfolder, Files
Domain Users - Modify - Inherited from Share - Folder, Subfolder, Files
I want to have it so the Secure folder is only accessible by a new Security group I created called Secure_Access
When I go to edit the Advanced Security Settings for Secure, I uncheck Include inheritable permissions from this objects parent, and select the copy option.
However, I have an issue when a user who is already a member of Domain Users group, and I also added them as a member of the Secure_Access group are already within the Secure folder and are working with files and have them open, when I remove the Domain Users group from accessing the Secure folder and items within it, they get denied access.
How is this the case, when the permissions they are re-assigned are the same, just part of a different group?
Would they need to be completely out of the Secure folder (check open connections on shares) in order for the permissions to apply without issue? Also, will they need to log out of their PCs at all when this change occurs, or are these permission changes immediate (which I imagine they are, but I've had instances where I changed them, and they didn't go into effect until a logout/reboot)
Thanks.
For Example.
D:\Share\Secure
Security proprties on Secure are presently set to:
CREATOR OWNER - Special - Inherited from Share - Subfolders and files only
SYSTEM - Full control- Inherited from Share - Folder, Subfolder, Files
Domain Admins - Full Control - Inherited from Share - Folder, Subfolder, Files
Domain Users - Modify - Inherited from Share - Folder, Subfolder, Files
I want to have it so the Secure folder is only accessible by a new Security group I created called Secure_Access
When I go to edit the Advanced Security Settings for Secure, I uncheck Include inheritable permissions from this objects parent, and select the copy option.
However, I have an issue when a user who is already a member of Domain Users group, and I also added them as a member of the Secure_Access group are already within the Secure folder and are working with files and have them open, when I remove the Domain Users group from accessing the Secure folder and items within it, they get denied access.
How is this the case, when the permissions they are re-assigned are the same, just part of a different group?
Would they need to be completely out of the Secure folder (check open connections on shares) in order for the permissions to apply without issue? Also, will they need to log out of their PCs at all when this change occurs, or are these permission changes immediate (which I imagine they are, but I've had instances where I changed them, and they didn't go into effect until a logout/reboot)
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.