?
Solved

NTFS Permission Changes Cause Loss of File Access

Posted on 2013-06-12
1
Medium Priority
?
655 Views
Last Modified: 2013-06-12
I need to repermission some folders that are presently inherting permissions from a parent level.  I need to disable inheritance, and assign a new security group that only they have access to this folder and subfolders/files.

For Example.

D:\Share\Secure

Security proprties on Secure are presently set to:

CREATOR OWNER - Special - Inherited from Share - Subfolders and files only
SYSTEM - Full control- Inherited from Share - Folder, Subfolder, Files
Domain Admins - Full Control - Inherited from Share - Folder, Subfolder, Files
Domain Users - Modify - Inherited from Share - Folder, Subfolder, Files

I want to have it so the Secure folder is only accessible by a new Security group I created called Secure_Access

When I go to edit the Advanced Security Settings for Secure, I uncheck Include inheritable permissions from this objects parent, and select the copy option.

However, I have an issue when a user who is already a member of Domain Users group, and I also added them as a member of the Secure_Access group are already within the Secure folder and are working with files and have them open, when I remove the Domain Users group from accessing the Secure folder and items within it, they get denied access.  

How is this the case, when the permissions they are re-assigned are the same, just part of a different group?

Would they need to be completely out of the Secure folder (check open connections on shares) in order for the permissions to apply without issue?  Also, will they need to log out of their PCs at all when this change occurs, or are these permission changes immediate (which I imagine they are, but I've had instances where I changed them, and they didn't go into effect until a logout/reboot)

Thanks.
0
Comment
Question by:fireguy1125
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 39242174
An NTFS permission change does not require a re-logon (as you noticed when the users were denied access while you were changing permissions).
A change in group membership, though, does require the user to log out and back in, because the security token that contains his group membership will only be refreshed during logon.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This program is used to assist in finding and resolving common problems with wireless connections.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question