
Strange effect with inheritance flags on Windows XP and NT 4

microsoft.public.windows.server.security
Posted by Rob Nicholson on June 13, 2007, 11:19 am
This is all very bizarre...

NT 4 server running under NT 4 domain called SERVER1 with an E: drive. Open
\\SERVER\E$ from a Windows XP PC and create a folder called Test.
Look at the permissions from Windows XP and the folder doesn't appear to be
inheriting its permissions from the parent - the two permissions shown on
there are not greyed out.

Now log on to a Windows 2003 server (terminal server in this case) with the
same account and look at the same folder. The inherited flag is set and the
two groups are greyed out.

So this is an obvious anomaly - Windows XP is showing no inheritance (which
is wrong as there is inheritance) and Windows 2003 is showing it correctly.

Now carry out the same exercise on SERVER2 which is running Windows 2000 but
in the same NT 4 domain and it works as expected. Create a folder remotely
from Windows XP and look at the permissions and the inherited flag is set.

So the "bug" appears to be in Windows XP displaying the permissions on a
folder hosted on an NT 4 server.

All a bit strange...

Cheers, Rob.



Posted by Al Dunbar on June 13, 2007, 6:25 pm

> This is all very bizarre...
>
> NT 4 server running under NT 4 domain called SERVER1 with an E: drive.
> Open \\SERVER\E$ from a Windows XP PC and create a folder called Test.
> Look at the permissions from Windows XP and the folder doesn't appear to
> be inheriting its permissions from the parent - the two permissions shown
> on there are not greyed out.
>
> Now log on to a Windows 2003 server (terminal server in this case) with the
> same account and look at the same folder. The inherited flag is set and
> the two groups are greyed out.

What permissions are shown when you check this from the NT4 system itself?

> So this is an obvious anomaly - Windows XP is showing no inheritance
> (which is wrong as there is inheritance) and Windows 2003 is showing it
> correctly.
>
> Now carry out the same exercise on SERVER2 which is running Windows 2000
> but in the same NT 4 domain and it works as expected. Create a folder
> remotely from Windows XP and look at the permissions and the inherited
> flag is set.
>
> So the "bug" appears to be in Windows XP displaying the permissions on a
> folder hosted on an NT 4 server.
>
> All a bit strange...

Yes, it is all a bit strange - but not too surprising, given some of the
changes that were made to NTFS in the post NT4 era.

As I understand it, the earlier NTFS native to NT4 does not support dynamic
inheritance (an object's effective permissions change as the parent
container's permissions change), only static inheritance (at object creation
time, the new object inherits a copy of the container object's permissions).
That said, the later versions of Windows try to show permissions in a way
that simulates dynamic inheritance, even when it does not exist. As we were
making the move from our old NT4 environment to w2k, we were advised to stop
managing permissions from NT4 once we were using w2k, as certain anomalies
could result. Or was that when we moved from w2k to w2k3? I also vaguely
seem to recall that there might have been an update required for the older
o/s to coexist with the new one in terms of how they dealt with shared NTFS
partitions.

Although it might seem useful to understand exactly what's going on here, I
think that the best way to deal with such anomalies is to do things in such
a way that you can ignore them. In your case, I would recommend phasing out
your NT4 servers in favour of w2k3, and possibly the same with your w2k
servers. You could either upgrade them in place, or bring in new servers
and robocopy the data over.

/Al



Posted by Rob Nicholson on June 14, 2007, 3:50 am
> What permissions are shown when you check this from the NT4 system itself?

That's the problem - as you mention below, NT 4 doesn't know about the
concept of parent inheritance so can't display it.

> As I understand it, the earlier NTFS native to NT4 does not support
> dynamic inheritance (an object's effective permissions change as the
> parent container's permissions change), only static inheritance (at object
> creation time, the new object inherits a copy of the container object's
> permissions). That said, the later versions of Windows try to show
> permissions in a way that simulates dynamic inheritance, even when it does
> not exist. As we were

That will explain it then! Windows XP will be trying to work out if the ACL
on the sub-folder is the same as its parent and if it is, show it as
inherited even though it's not inherited. For some reason, it's not working
in this instance so it's showing it as not inherited.

I wondered if later NTFS systems walked up the tree to find the permission
when inherited was set but I don't think it is the case as applying a new
permission at the root of a large tree still takes a while to apply. I'm not
surprised the SID gets written all the way down the tree. The performance
hit of walking back up a deep tree to find the inherited permission could
take quite a while.

Cheers, Rob.
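
Added example, not part of any post in this thread: a way to check what is stored in a folder's DACL rather than what a particular client's permissions dialog shows. In SDDL, the `ID` ACE flag is INHERITED_ACE and the `AI` DACL flag is SE_DACL_AUTO_INHERITED. The SDDL strings are constructed samples, the function names are hypothetical, and the "static-copy" label is an assumed heuristic for the creation-time copying described above.

```python
import re

def parse_dacl(sddl):
    """Return (control_flags, aces); each ACE is (type, flag_set, rights, trustee)."""
    m = re.search(r"D:([A-Z]*)((?:\([^)]*\))*)", sddl)
    if m is None:
        raise ValueError("no DACL found in SDDL string")
    # DACL control flags: P = protected, AI = auto-inherited, AR = inherit requested
    control = set(re.findall(r"AI|AR|P", m.group(1)))
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(2)):
        # ACE fields: type; flags; rights; object GUID; inherit GUID; trustee
        f = body.split(";")
        aces.append((f[0], frozenset(re.findall("..", f[1])), f[2], f[5]))
    return control, aces

def inheritance_state(child_sddl, parent_sddl):
    """Classify each child ACE against the parent's container-inheritable ACEs."""
    _, child = parse_dacl(child_sddl)
    _, parent = parse_dacl(parent_sddl)
    # ACEs a sub-folder would receive from the parent: those carrying CI.
    inheritable = {(t, r, who) for t, fl, r, who in parent if "CI" in fl}
    report = []
    for t, fl, r, who in child:
        if "ID" in fl:
            state = "inherited"      # the flag is stored on the ACE itself
        elif (t, r, who) in inheritable:
            state = "static-copy"    # matches the parent but carries no ID flag
        else:
            state = "explicit"
        report.append((who, state))
    return report

# Constructed samples: a parent folder, a child whose ACEs carry ID, and a
# child holding flag-less copies of the parent's ACEs plus one extra ACE.
PARENT = "O:BAG:DUD:(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)"
CHILD_FLAGGED = "O:BAG:DUD:AI(A;OICIID;FA;;;BA)(A;OICIID;0x1200a9;;;BU)"
CHILD_COPIED = "O:BAG:DUD:(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)(A;;0x1301bf;;;AU)"

if __name__ == "__main__":
    for name, sddl in (("flagged", CHILD_FLAGGED), ("copied", CHILD_COPIED)):
        print(name, sorted(parse_dacl(sddl)[0]), inheritance_state(sddl, PARENT))
```

ACEs reported as "static-copy" grant the same access as the parent's today but will not follow later changes to the parent, so they are the ones to review before relying on inheritance.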


