?
Solved

Win 2008 R2 File Server Share/NTFS Permissions

Posted on 2014-01-30
5
Medium Priority
?
471 Views
Last Modified: 2014-04-19
I've now encountered two different cases where a users permissions were changed on a folder and they shouldn't have been.  

A user's sec group, where they currently are the only member of said sec group, has been getting changed to that particular user, and permissions set to this folder only.  Security states it is inheriting these from the root of the share.

The only person with accounts able to modify sec permissions are myself and our operations director/VP of Operations who supervise our IT department (in case I get hit by a bus type thing, and one has the pw and the other has the UN).

When checking the root of the share, the permissions don't exist.

Any ideas how and why this is happening, and how to stop it?
0
Comment
Question by:PriorityResearch
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 6

Expert Comment

by:Spyder2010
ID: 39821051
does the root of the share give CREATOR OWNER permissions?  If so, when a user creates a file/folder, their user object is granted explicit permissions on that file/folder
0
 

Author Comment

by:PriorityResearch
ID: 39821233
It did have creator/owner.  Would this also cause all folders between the root share and the file to change their permission?
0
 
LVL 6

Expert Comment

by:Spyder2010
ID: 39821254
It may... if a user creates a folder/file at a lower level in the file structure, CREATOR OWNER will assign them explicit permissions to the folder/file that they just created... it may also assign(need to test this) the explicit special permissions to folders between the root and the folder/file that they created to allow them to traverse the folder structure to get to the file/folder that they just created... if it does this, it would only apply the minimum set of rights that would let the user see the folder path to the folder that they created.  Again, I'm not positive about this part, would need to test that....
0
 

Author Comment

by:PriorityResearch
ID: 39821407
I've removed creator/owner from root of the share and I'm going to reset all permissions this weekend.  I'm still curious if that's what caused this issue to arise.  I did find some newly created files in a subdirectory of the one I troubleshot this morning for a user.
0
 
LVL 6

Accepted Solution

by:
Spyder2010 earned 2000 total points
ID: 39821672
Best of Luck!  I've run into strange issues in the past where Creator Owner was the culprit... normally for my file shares, I'll break inheritance at the root of the shared folder, and remove everything except for SYSTEM and Administrators(usually this is Creator Owner and Users), then add in the appropriate AD Security groups and let the rights inherit correctly from the root of the share.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question