locked
Permissions Disappearing from Folders RRS feed

  • Question

  • We are seeing something that I would not expect to be the usual behavior in Windows.  We are running several Windows 2003 R2 servers that contain folders within which we store documents.  We have groups that we give READ only permission to that are listed under the security tab for each folder, however, anyone requiring more than READ only rights is entered directly into the security tab along with their level of rights.  Most, if not all, of the people that we add to the security tab also exist within one of the groups with READ only permissions.  What we are seeing is that a day after giving someone MODIFY rights on a folder by adding them to the security tab, their name has disappeared from the security tab and they no longer have their extended rights beyond their groups READ only rights.  Any thoughts as to why this would be happening?  Thanks! Joseph
    • Changed type David Shen Thursday, July 23, 2009 11:27 AM
    Monday, July 20, 2009 12:09 PM

Answers

  • You may have:

    1- An automated agent reseting permissions (a software, a script...)
    2- A corrupted NTFS object
    3- Another administrator on your company (maybe he's created a thread to report misteriously permissions appearing)

    Either way, auditing permission changes will do the trick. Proceed as follows:

    1- Enable auditing for oject access (secpol.msc or via policy)
    2- In the folder's security tab click on advanced, auditing.
    3- Click on Add, type Everyone and click OK.
    4- In Apply onto, select "this folder only"
    5- Check "change permissions" for successful and failed.
    6- OK

    Permission changes will appear in security event log.
    Leonardo Fagundes
    • Marked as answer by David Shen Thursday, July 23, 2009 11:31 AM
    Tuesday, July 21, 2009 3:17 PM

All replies

  • What share permissions (not ntfs) are you granting?

    The users could be messing up with permissions themselves.
    Leonardo Fagundes
    Tuesday, July 21, 2009 12:34 PM
  • Thanks for your reply Leonardo.  We do not give FULL CONTROL rights to anyone but Domain Admins.  The most that we will give is MODIFY rights, and that should not allow the user to change his/her rights on the folders.  The thing is that it is not just that their rights are changing, its that they are completely disappearing from the security tab window.
    Tuesday, July 21, 2009 12:37 PM
  • Please pick one:

    1- All ACLs disappear at once. You have to retake ownership every time.
    2- One user disappear at a time.
    3- All users disappear at once, but groups remain.

    You could enable object access to audit permission changes for this folder.


    Leonardo Fagundes
    Tuesday, July 21, 2009 1:42 PM
  • #2 please.
    Tuesday, July 21, 2009 3:01 PM
  • You may have:

    1- An automated agent reseting permissions (a software, a script...)
    2- A corrupted NTFS object
    3- Another administrator on your company (maybe he's created a thread to report misteriously permissions appearing)

    Either way, auditing permission changes will do the trick. Proceed as follows:

    1- Enable auditing for oject access (secpol.msc or via policy)
    2- In the folder's security tab click on advanced, auditing.
    3- Click on Add, type Everyone and click OK.
    4- In Apply onto, select "this folder only"
    5- Check "change permissions" for successful and failed.
    6- OK

    Permission changes will appear in security event log.
    Leonardo Fagundes
    • Marked as answer by David Shen Thursday, July 23, 2009 11:31 AM
    Tuesday, July 21, 2009 3:17 PM
  • I will try it.  Thanks for your help.
    Tuesday, July 21, 2009 3:18 PM
  • Hi

    I have similar issue, but multiple security groups are missing from security tab.

    Eg: earlier 5 department groups are there now i can see 3 of them are missing.

    before enabling auditing, like to know are there any other chances that may be causing this issue!!

    Thursday, February 14, 2013 2:05 PM