Solved

NTFS Permission Changes Cause Loss of File Access

Posted on 2013-06-12
1
653 Views
Last Modified: 2013-06-12
I need to repermission some folders that are presently inherting permissions from a parent level.  I need to disable inheritance, and assign a new security group that only they have access to this folder and subfolders/files.

For Example.

D:\Share\Secure

Security proprties on Secure are presently set to:

CREATOR OWNER - Special - Inherited from Share - Subfolders and files only
SYSTEM - Full control- Inherited from Share - Folder, Subfolder, Files
Domain Admins - Full Control - Inherited from Share - Folder, Subfolder, Files
Domain Users - Modify - Inherited from Share - Folder, Subfolder, Files

I want to have it so the Secure folder is only accessible by a new Security group I created called Secure_Access

When I go to edit the Advanced Security Settings for Secure, I uncheck Include inheritable permissions from this objects parent, and select the copy option.

However, I have an issue when a user who is already a member of Domain Users group, and I also added them as a member of the Secure_Access group are already within the Secure folder and are working with files and have them open, when I remove the Domain Users group from accessing the Secure folder and items within it, they get denied access.  

How is this the case, when the permissions they are re-assigned are the same, just part of a different group?

Would they need to be completely out of the Secure folder (check open connections on shares) in order for the permissions to apply without issue?  Also, will they need to log out of their PCs at all when this change occurs, or are these permission changes immediate (which I imagine they are, but I've had instances where I changed them, and they didn't go into effect until a logout/reboot)

Thanks.
0
Comment
Question by:fireguy1125
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 85

Accepted Solution

by:
oBdA earned 500 total points
ID: 39242174
An NTFS permission change does not require a re-logon (as you noticed when the users were denied access while you were changing permissions).
A change in group membership, though, does require the user to log out and back in, because the security token that contains his group membership will only be refreshed during logon.
0

Featured Post

Turn Insights Into Action

You’ve already invested in ITSM tools, chat applications, automation utilities, and more. Fortify these solutions with intelligent communications so you can drive business processes forward.

With xMatters, you'll never miss a beat.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

689 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question