Solved

NTFS Permission Issue on network share

Posted on 2015-02-19
4
197 Views
Last Modified: 2015-02-20
Greetings.

We have a network share, Users ... mapped as "U" drive for end users.
It's an iSCSI mapped drive on a Windows Server 2008R2 system.

The "share" is permissioned fine .... Everyone "Full"

The NTFS permissions are as follows:
-System (Full)
-Domain Admins (Full)
-Domain Users (List)

Each subfolder is permissioned only with System (Full), Domain Admins (Full), and the particular user (Full)

Every so often ... random, but maybe once or twice a year ... Domain Users, and thus the "List" permission, disappears from the root.  I do not know why this is occurring.  I am the only Domain Admin in the joint.

This is generally not an issue, because the U: drive is mapped directly to the subfolder.

This *is* an issue when some of our users need to use our web-based SSL VPN, which maps the root.  Users then browse to their own folder.  Without "List", they get an error even accessing the root.

Any ideas ?  Maybe VSS or some other process is removing Domain Users from the root.

Thanks.
-Stephen
0
Comment
Question by:lapavoni
4 Comments
 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 250 total points
ID: 40620918
As far as I know there is no process designed to remove existing user access from NTFS \ Share ACL

Check if you have any schedule task runs which can call utilities like ICACLs \ Subinacl \ SetAcl and removes those permissions
OR may be somebody manually do that

Above powerful utilities are able to do that

Might be you should have any standard user \ group full control permissions on share root and they might removed it accidently
U can change those permissions from full control to modify and see..
0
 
LVL 24

Expert Comment

by:lionelmm
ID: 40621885
I can only tel you that this happens to me too, it is very frustrating and I have been dealing with it on one of my clients servers in particular and I am the only Admin too. I too cannot find a cause or reason so although I can't offer a solution, it is not unique to you.
0
 
LVL 23

Accepted Solution

by:
Coralon earned 250 total points
ID: 40622371
I would turn on auditing on that share looking for the permissions change on the object.  You can add a script to the system to sweep the eventlog frequently (say once a minute) and have it email you when the correct event occurs.  Be sure that you do *not* set that auditing permission to inherit, or you will be flooded with useless events.

Coralon
0
 

Author Closing Comment

by:lapavoni
ID: 40622374
I had one task scheduled for a non-existent utility that used to monitor large file transfers. Don't think that caused the problem. I can enable auditing and wait a few months to see if/when it recurs :-)   Thanks, both.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now