Solved

Win 2008 R2 File Server Share/NTFS Permissions

Posted on 2014-01-30
5
465 Views
Last Modified: 2014-04-19
I've now encountered two different cases where a users permissions were changed on a folder and they shouldn't have been.  

A user's sec group, where they currently are the only member of said sec group, has been getting changed to that particular user, and permissions set to this folder only.  Security states it is inheriting these from the root of the share.

The only person with accounts able to modify sec permissions are myself and our operations director/VP of Operations who supervise our IT department (in case I get hit by a bus type thing, and one has the pw and the other has the UN).

When checking the root of the share, the permissions don't exist.

Any ideas how and why this is happening, and how to stop it?
0
Comment
Question by:PriorityResearch
  • 3
  • 2
5 Comments
 
LVL 6

Expert Comment

by:Spyder2010
ID: 39821051
does the root of the share give CREATOR OWNER permissions?  If so, when a user creates a file/folder, their user object is granted explicit permissions on that file/folder
0
 

Author Comment

by:PriorityResearch
ID: 39821233
It did have creator/owner.  Would this also cause all folders between the root share and the file to change their permission?
0
 
LVL 6

Expert Comment

by:Spyder2010
ID: 39821254
It may... if a user creates a folder/file at a lower level in the file structure, CREATOR OWNER will assign them explicit permissions to the folder/file that they just created... it may also assign(need to test this) the explicit special permissions to folders between the root and the folder/file that they created to allow them to traverse the folder structure to get to the file/folder that they just created... if it does this, it would only apply the minimum set of rights that would let the user see the folder path to the folder that they created.  Again, I'm not positive about this part, would need to test that....
0
 

Author Comment

by:PriorityResearch
ID: 39821407
I've removed creator/owner from root of the share and I'm going to reset all permissions this weekend.  I'm still curious if that's what caused this issue to arise.  I did find some newly created files in a subdirectory of the one I troubleshot this morning for a user.
0
 
LVL 6

Accepted Solution

by:
Spyder2010 earned 500 total points
ID: 39821672
Best of Luck!  I've run into strange issues in the past where Creator Owner was the culprit... normally for my file shares, I'll break inheritance at the root of the shared folder, and remove everything except for SYSTEM and Administrators(usually this is Creator Owner and Users), then add in the appropriate AD Security groups and let the rights inherit correctly from the root of the share.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question