Folder Permission does not take
Dear Experts,
We have this User folder on our file server (running Windows Server 2012 R2 Standard) that is having a permission issue.
Initially, it started when this user created sub-folders inside and started to organize her files by moving them into these sub-folders. Suddenly the user could not open any moved files, with "Access Denied". When we, system administrators started to check permissions and share options, we realized that the test sub-folders we created in the same locations cannot be removed by us. The ownership belongs to us, system administrators, and we have full control permission. We do not have this issue with anyone else. We tried to have the user log into the same account from another PC, same issue.
We created another user folder, but when this user creates a sub-folder inside, the same issue repeats. It seems as if something is over writing her permission, but we have thoroughly checked out this user's profile, using utilities such as AccessEnum, and also comparing the profile to other users', nothing seems to be different about this account.
Another test we have done is to share this folder with Everyone, and also to a particular user, but nothing seems to allow us to control the permission of the sub-folders, and no one, not even system administrators can open any folders inside sub-folders, or delete sub-folders. We can create or rename sub-folders, and that is it.
Please advise.
We have this User folder on our file server (running Windows Server 2012 R2 Standard) that is having a permission issue.
Initially, it started when this user created sub-folders inside and started to organize her files by moving them into these sub-folders. Suddenly the user could not open any moved files, with "Access Denied". When we, system administrators started to check permissions and share options, we realized that the test sub-folders we created in the same locations cannot be removed by us. The ownership belongs to us, system administrators, and we have full control permission. We do not have this issue with anyone else. We tried to have the user log into the same account from another PC, same issue.
We created another user folder, but when this user creates a sub-folder inside, the same issue repeats. It seems as if something is over writing her permission, but we have thoroughly checked out this user's profile, using utilities such as AccessEnum, and also comparing the profile to other users', nothing seems to be different about this account.
Another test we have done is to share this folder with Everyone, and also to a particular user, but nothing seems to allow us to control the permission of the sub-folders, and no one, not even system administrators can open any folders inside sub-folders, or delete sub-folders. We can create or rename sub-folders, and that is it.
Please advise.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
What is the error message you got? Access denied or something like that?
I'm thinking since you got an error trying to change file permissions that this issue may be that Ownership that is not being inherited by the subfolders. Try this: Go back to the Advanced Settings, but this time click "Change" up top by "Owner", put in your own user name (this is just temporary), then check "Replace owner on subcontainers and objects" and hit Apply.
If that runs without error, go back, change the owner back to whatever it is supposed to be, being sure to "Replace owner..." again, and apply that.
Now OK out of the permissions all the way, then go back in, and try editing the normal security settings and do the "Replace all child object permission entries" again.
BTW: When done, make sure your Admin groups have "FULL" permission, but your user only has "Change". NEVER NEVER NEVER give users FULL, even if it's their folder. If they had FULL, they probably messed with the permissions and caused all of this.
FULL = Change, plus the ability to mess with the permissions.
I'm thinking since you got an error trying to change file permissions that this issue may be that Ownership that is not being inherited by the subfolders. Try this: Go back to the Advanced Settings, but this time click "Change" up top by "Owner", put in your own user name (this is just temporary), then check "Replace owner on subcontainers and objects" and hit Apply.
If that runs without error, go back, change the owner back to whatever it is supposed to be, being sure to "Replace owner..." again, and apply that.
Now OK out of the permissions all the way, then go back in, and try editing the normal security settings and do the "Replace all child object permission entries" again.
BTW: When done, make sure your Admin groups have "FULL" permission, but your user only has "Change". NEVER NEVER NEVER give users FULL, even if it's their folder. If they had FULL, they probably messed with the permissions and caused all of this.
FULL = Change, plus the ability to mess with the permissions.
ASKER
Dear chirkware,
I went to reproduce the error, and realized that the problem was fixed. So your suggestion worked!
Thank you!!!
I went to reproduce the error, and realized that the problem was fixed. So your suggestion worked!
Thank you!!!
Good deal...NTFS permissions are great for locking things down, but it sure can get confusing trying to fix when they go sideways. As I mentioned in the other post, users NEVER need "Full" control. I've had to fight vendors insisting upon handing it out it for years, and I absolutely refuse as it gives the users the ability to muck around with permissions, leading to issues like what you just had. The principal of least privilege is your friend. :)
ASKER
Thank you for a quick response. No, we normally never give access to Everyone, we only did it as an extreme test, and removed it promptly. I tried your suggestion, but received a message stating that an error occurred. And also, what I don't understand is, all users (250+) are set up the same, so why only this one?