|
Posted by Brian on July 12, 2006, 2:46 pm
Please log in for more thread options
Has anyone seen this before?
I have a file server that lost inherited permissions on sporadic
folders and files last night on one of its drives. Here's what they
have in common:
They are all sub-directories/files of shared folders.
The permissions remaining are Administrators group and System
Thanks,
Brian
|
|
Posted by Karl Levinson, on July 12, 2006, 6:37 pm
Please log in for more thread options
"Brian" wrote:
> Has anyone seen this before?
> I have a file server that lost inherited permissions on sporadic
> folders and files last night on one of its drives. Here's what they
> have in common:
>
> They are all sub-directories/files of shared folders.
> The permissions remaining are Administrators group and System
> Thanks,
> Brian
I've never seen that, but I'm thinking the most likely explanation are that
someone changed them at some point [perhaps by restoring from tape backup, or
accidentally moving the files to another drive and back again?], or maybe the
ACLs somehow became corrupted and should be re-applied.
--
kind regards,
Karl Levinson, CISSP, CCSA, MCSE [MS MVP]
-------------------------
Microsoft Security FAQ:
http://www.securityadmin.info
|
|
Posted by Steven L Umbach on July 12, 2006, 9:41 pm
Please log in for more thread options No I have not seen that before. Maybe some administrator was messing with
permissions? I would be sure to run Check Disk on the computer selecting the
option to automatically fix file system problems. If the problem persists I
would enable auditing of object access on the server and then audit the
folders for change permissions for success to see what is shown via object
access events for the folder in the security log. --- Steve
> Has anyone seen this before?
> I have a file server that lost inherited permissions on sporadic
> folders and files last night on one of its drives. Here's what they
> have in common:
>
> They are all sub-directories/files of shared folders.
> The permissions remaining are Administrators group and System
> Thanks,
> Brian
>
|
|
Posted by Roger Abell [MVP] on July 13, 2006, 12:35 am
Please log in for more thread options For how long had the storage area held its defined ACLing that
you say was lost ? There are only two circumstances in which
I have seen something similar (other than as a result of an action
by someone that has not been "owned up to"). One is when a
security template has been triggered to apply. The other is when
the inherited permissions were there only because they used to
exist on the content before it had been moved to a new location
on the same partition. In the move within partition scenario the
explicit permissions carry along and are retained, but the inherited
are initially carried along and eventually (at an indeterminant future
point in time) the carried along inherited permissions are removed
and the inherited permissions appropriate to the new location (if
any) become applied.
> Has anyone seen this before?
> I have a file server that lost inherited permissions on sporadic
> folders and files last night on one of its drives. Here's what they
> have in common:
>
> They are all sub-directories/files of shared folders.
> The permissions remaining are Administrators group and System
> Thanks,
> Brian
>
|
|
Posted by Brian on July 13, 2006, 1:24 pm
Please log in for more thread options Yea it has been very odd. The pattern it follows is fairly random, too
random for it to be user initiated, and it dosen't appear to be sec
template or folder/file move. The only thing different on this server
is that the admin is running Volume snapshot. I see three events in the
eventlog from the previous night. I confess I am not that savy on
Volume snapshot. They are 7001 errors. I am not sure if they are
related to the ACE loss, for the meantime I'll keep digging.
Thanks,
Brian
|
| Similar Threads | Posted | | Tool/script to walk thru all folders/shares and identify non-inherited permissions | January 5, 2007, 4:28 pm |
| Inherited Permissions disabled? | October 12, 2007, 9:16 pm |
| Server has lost inherited permissions | September 26, 2007, 7:58 am |
| Folders and permissions | September 29, 2005, 5:35 pm |
| User folders permissions. | June 7, 2007, 3:40 pm |
| Auditing folders that users dont have permissions to | July 25, 2006, 12:36 pm |
| Is there any utility to recursively delete unknown SIDs from permissions on files/folders? | November 3, 2005, 10:17 am |
| ntfs permissions, ownership, adding permissions | January 13, 2006, 2:03 pm |
| Share permissions conflicting with NTFS permissions | May 18, 2006, 1:16 pm |
| Hiding Folders | March 20, 2006, 4:26 pm |
|
XML Sitemap