Issues applying security permissions on 2008 Server folders
I am applying new security permissions to folders on a Windows 2008 R2 file server. Using Remote Desktops, I receive access denied errors - seemingly at random. Some folders accept the changes without issue, but others generate the errors.
Alternatively, I've applied the permissions across the LAN via Windows Explorer. This process stops periodically with "unexpected network error occurred" messages. Clicking OK resumes the process until the next error comes up.
I am an administrator on the server. Ownership of the folders is with the server's Administrators group. The folders are on a partition separate from the boot partition.
I appreciate any help.
Alternatively, I've applied the permissions across the LAN via Windows Explorer. This process stops periodically with "unexpected network error occurred" messages. Clicking OK resumes the process until the next error comes up.
I am an administrator on the server. Ownership of the folders is with the server's Administrators group. The folders are on a partition separate from the boot partition.
I appreciate any help.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Lionel MM
The main question is what do you want to end up with, once we know that we can advise you what to do. For instance if you want the directory d:\test-folder to have ownership by admin group then you can run TAKEOWN /F d:\test-folde /R /A which will make the admin group owner of that directory and all files and folders under it. If you want to change permissions we can similar using icacls
ASKER
Thank you both for offering to help.
Yes, I am trying to revise permissions on folders under a network share. The Administrators group has full control on all folders and owns the folders.
The real challenge here is that these errors appear to be quite random. Sometimes, setting permission via Remote Desktop works fine. Other times, the process immediately stumbles with access denied errors. I am logged in as full administrator every time.
The same is true when setting permissions across the LAN with Windows Explorer, but the error is different. If I set permissions on a folder with few files, the process likely will succeed. If there are many files and the process takes a while, the error is likely to occur. Usually 1 to 3 "network" errors occur in succession, then the process resumes for a while.
Thanks again.
Yes, I am trying to revise permissions on folders under a network share. The Administrators group has full control on all folders and owns the folders.
The real challenge here is that these errors appear to be quite random. Sometimes, setting permission via Remote Desktop works fine. Other times, the process immediately stumbles with access denied errors. I am logged in as full administrator every time.
The same is true when setting permissions across the LAN with Windows Explorer, but the error is different. If I set permissions on a folder with few files, the process likely will succeed. If there are many files and the process takes a while, the error is likely to occur. Usually 1 to 3 "network" errors occur in succession, then the process resumes for a while.
Thanks again.
This is likely due to inconsistent ownership and/or permission in the subfolder and files. The most reliable way of resolve this is not using Windows Explore but the two command line tools I gave you. I would run the takeown command I gave you first and see if that resolves it for you. If not I would then move onto the icacls -- it will tell you specifically which files/folders failed and then you can fix those individually.
ASKER
Okay, I'll give them a try. Thanks.
ASKER
TAKEOWN seems to have worked quite well. The only "access denied" responses involved System Volume Information folders which, I gather, is expected.
ASKER
Do you know what the proper permissions are for System Volume Information folders? Is it Administrators or SYSTEM?
Thanks again
Thanks again
that is normal to get access denied and the normal owner is SYSTEM
SYSTEM:(OI)(CI)(F)
SYSTEM:(OI)(CI)(F)
ASKER
Yes, I noticed that shadow copies was not configured on this server. Enabling it changed Sys Vol folder permissions from Administrators to SYSTEM (couldn't do it manually).
I'll get to using iCACLS in a while. I'm sure that will be very helpful, too.
Thanks very much for your help.
I'll get to using iCACLS in a while. I'm sure that will be very helpful, too.
Thanks very much for your help.
ASKER
Thank you both very much.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes, I meant to apply the points the other way around. Thanks for letting me know. I'll fix it.
ASKER
I've left an inquiry with Support for how to fix the points award.
ASKER
Points corrected