Win 2008 R2 File Server Share/NTFS Permissions

I've now encountered two different cases where a users permissions were changed on a folder and they shouldn't have been.  

A user's sec group, where they currently are the only member of said sec group, has been getting changed to that particular user, and permissions set to this folder only.  Security states it is inheriting these from the root of the share.

The only person with accounts able to modify sec permissions are myself and our operations director/VP of Operations who supervise our IT department (in case I get hit by a bus type thing, and one has the pw and the other has the UN).

When checking the root of the share, the permissions don't exist.

Any ideas how and why this is happening, and how to stop it?
PriorityResearchAsked:
Who is Participating?
 
Spyder2010Connect With a Mentor Commented:
Best of Luck!  I've run into strange issues in the past where Creator Owner was the culprit... normally for my file shares, I'll break inheritance at the root of the shared folder, and remove everything except for SYSTEM and Administrators(usually this is Creator Owner and Users), then add in the appropriate AD Security groups and let the rights inherit correctly from the root of the share.
0
 
Spyder2010Commented:
does the root of the share give CREATOR OWNER permissions?  If so, when a user creates a file/folder, their user object is granted explicit permissions on that file/folder
0
 
PriorityResearchAuthor Commented:
It did have creator/owner.  Would this also cause all folders between the root share and the file to change their permission?
0
 
Spyder2010Commented:
It may... if a user creates a folder/file at a lower level in the file structure, CREATOR OWNER will assign them explicit permissions to the folder/file that they just created... it may also assign(need to test this) the explicit special permissions to folders between the root and the folder/file that they created to allow them to traverse the folder structure to get to the file/folder that they just created... if it does this, it would only apply the minimum set of rights that would let the user see the folder path to the folder that they created.  Again, I'm not positive about this part, would need to test that....
0
 
PriorityResearchAuthor Commented:
I've removed creator/owner from root of the share and I'm going to reset all permissions this weekend.  I'm still curious if that's what caused this issue to arise.  I did find some newly created files in a subdirectory of the one I troubleshot this morning for a user.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.