Solved

Win 2008 R2 File Server Share/NTFS Permissions

Posted on 2014-01-30
5
466 Views
Last Modified: 2014-04-19
I've now encountered two different cases where a users permissions were changed on a folder and they shouldn't have been.  

A user's sec group, where they currently are the only member of said sec group, has been getting changed to that particular user, and permissions set to this folder only.  Security states it is inheriting these from the root of the share.

The only person with accounts able to modify sec permissions are myself and our operations director/VP of Operations who supervise our IT department (in case I get hit by a bus type thing, and one has the pw and the other has the UN).

When checking the root of the share, the permissions don't exist.

Any ideas how and why this is happening, and how to stop it?
0
Comment
Question by:PriorityResearch
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 6

Expert Comment

by:Spyder2010
ID: 39821051
does the root of the share give CREATOR OWNER permissions?  If so, when a user creates a file/folder, their user object is granted explicit permissions on that file/folder
0
 

Author Comment

by:PriorityResearch
ID: 39821233
It did have creator/owner.  Would this also cause all folders between the root share and the file to change their permission?
0
 
LVL 6

Expert Comment

by:Spyder2010
ID: 39821254
It may... if a user creates a folder/file at a lower level in the file structure, CREATOR OWNER will assign them explicit permissions to the folder/file that they just created... it may also assign(need to test this) the explicit special permissions to folders between the root and the folder/file that they created to allow them to traverse the folder structure to get to the file/folder that they just created... if it does this, it would only apply the minimum set of rights that would let the user see the folder path to the folder that they created.  Again, I'm not positive about this part, would need to test that....
0
 

Author Comment

by:PriorityResearch
ID: 39821407
I've removed creator/owner from root of the share and I'm going to reset all permissions this weekend.  I'm still curious if that's what caused this issue to arise.  I did find some newly created files in a subdirectory of the one I troubleshot this morning for a user.
0
 
LVL 6

Accepted Solution

by:
Spyder2010 earned 500 total points
ID: 39821672
Best of Luck!  I've run into strange issues in the past where Creator Owner was the culprit... normally for my file shares, I'll break inheritance at the root of the shared folder, and remove everything except for SYSTEM and Administrators(usually this is Creator Owner and Users), then add in the appropriate AD Security groups and let the rights inherit correctly from the root of the share.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
How to record audio from input sources to your PC – connected devices, connected preamp to record vinyl discs, streaming media, that play through your audio card: Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10 – both 32 bit & 64.
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question