[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

NTFS Permission Issue on network share

Posted on 2015-02-19
4
Medium Priority
?
231 Views
Last Modified: 2015-02-20
Greetings.

We have a network share, Users ... mapped as "U" drive for end users.
It's an iSCSI mapped drive on a Windows Server 2008R2 system.

The "share" is permissioned fine .... Everyone "Full"

The NTFS permissions are as follows:
-System (Full)
-Domain Admins (Full)
-Domain Users (List)

Each subfolder is permissioned only with System (Full), Domain Admins (Full), and the particular user (Full)

Every so often ... random, but maybe once or twice a year ... Domain Users, and thus the "List" permission, disappears from the root.  I do not know why this is occurring.  I am the only Domain Admin in the joint.

This is generally not an issue, because the U: drive is mapped directly to the subfolder.

This *is* an issue when some of our users need to use our web-based SSL VPN, which maps the root.  Users then browse to their own folder.  Without "List", they get an error even accessing the root.

Any ideas ?  Maybe VSS or some other process is removing Domain Users from the root.

Thanks.
-Stephen
0
Comment
Question by:lapavoni
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 38

Assisted Solution

by:Mahesh
Mahesh earned 1000 total points
ID: 40620918
As far as I know there is no process designed to remove existing user access from NTFS \ Share ACL

Check if you have any schedule task runs which can call utilities like ICACLs \ Subinacl \ SetAcl and removes those permissions
OR may be somebody manually do that

Above powerful utilities are able to do that

Might be you should have any standard user \ group full control permissions on share root and they might removed it accidently
U can change those permissions from full control to modify and see..
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 40621885
I can only tel you that this happens to me too, it is very frustrating and I have been dealing with it on one of my clients servers in particular and I am the only Admin too. I too cannot find a cause or reason so although I can't offer a solution, it is not unique to you.
0
 
LVL 25

Accepted Solution

by:
Coralon earned 1000 total points
ID: 40622371
I would turn on auditing on that share looking for the permissions change on the object.  You can add a script to the system to sweep the eventlog frequently (say once a minute) and have it email you when the correct event occurs.  Be sure that you do *not* set that auditing permission to inherit, or you will be flooded with useless events.

Coralon
0
 

Author Closing Comment

by:lapavoni
ID: 40622374
I had one task scheduled for a non-existent utility that used to monitor large file transfers. Don't think that caused the problem. I can enable auditing and wait a few months to see if/when it recurs :-)   Thanks, both.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question