Solved

NTFS Permission Issue on network share

Posted on 2015-02-19
4
210 Views
Last Modified: 2015-02-20
Greetings.

We have a network share, Users ... mapped as "U" drive for end users.
It's an iSCSI mapped drive on a Windows Server 2008R2 system.

The "share" is permissioned fine .... Everyone "Full"

The NTFS permissions are as follows:
-System (Full)
-Domain Admins (Full)
-Domain Users (List)

Each subfolder is permissioned only with System (Full), Domain Admins (Full), and the particular user (Full)

Every so often ... random, but maybe once or twice a year ... Domain Users, and thus the "List" permission, disappears from the root.  I do not know why this is occurring.  I am the only Domain Admin in the joint.

This is generally not an issue, because the U: drive is mapped directly to the subfolder.

This *is* an issue when some of our users need to use our web-based SSL VPN, which maps the root.  Users then browse to their own folder.  Without "List", they get an error even accessing the root.

Any ideas ?  Maybe VSS or some other process is removing Domain Users from the root.

Thanks.
-Stephen
0
Comment
Question by:lapavoni
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 250 total points
ID: 40620918
As far as I know there is no process designed to remove existing user access from NTFS \ Share ACL

Check if you have any schedule task runs which can call utilities like ICACLs \ Subinacl \ SetAcl and removes those permissions
OR may be somebody manually do that

Above powerful utilities are able to do that

Might be you should have any standard user \ group full control permissions on share root and they might removed it accidently
U can change those permissions from full control to modify and see..
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 40621885
I can only tel you that this happens to me too, it is very frustrating and I have been dealing with it on one of my clients servers in particular and I am the only Admin too. I too cannot find a cause or reason so although I can't offer a solution, it is not unique to you.
0
 
LVL 25

Accepted Solution

by:
Coralon earned 250 total points
ID: 40622371
I would turn on auditing on that share looking for the permissions change on the object.  You can add a script to the system to sweep the eventlog frequently (say once a minute) and have it email you when the correct event occurs.  Be sure that you do *not* set that auditing permission to inherit, or you will be flooded with useless events.

Coralon
0
 

Author Closing Comment

by:lapavoni
ID: 40622374
I had one task scheduled for a non-existent utility that used to monitor large file transfers. Don't think that caused the problem. I can enable auditing and wait a few months to see if/when it recurs :-)   Thanks, both.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question