-
March 21st, 2003, 05:32 AM
#1
Junior Member
2k adv server security permissions
OK, i run 2k adv server for a file server mainly, and whenever a file is put on the drive the sharing permissions change at random, normally it wipes the permissions however sometimes it will only give system access to the folder. needless to say this is really cramping my style. anyone ever heard of this or a fix for this?
thanks
shadowmaker
all problems, no matter how big, when you boil them down, endup being a microsoft issue
-
March 21st, 2003, 06:26 AM
#2
sounds like its inhertiing the rights... have you changed permissions on anything AT ALL? If you change it somewhere in the drive structure above it, it may get passed on. (like crap, it flows downhill)
Remember -
The ark was built by amatures...
The Titanic was built by professionals.
-
March 21st, 2003, 02:46 PM
#3
Junior Member
Do the permissions change pretty much immediately? If so I'd subscribe to avenger_jcc's inheritance suggestion.
If the permissions change at some point after the file is droped in there, then I'd look towards a script or similar altering the permissions.
Out of interest, is this inside a share that is managed by cluster (I notice you're running Adv Srvr)?
If you can't track it down from above, then you'll need to enable auditing on your server, and then enable auditing on your file/directory. This is a bit of a pain as it often gives you much more info than you've got time to read but should ultimately nail down the offending task/process.
[glowpurple]$ _[/glowpurple]
-
March 21st, 2003, 10:14 PM
#4
Also, if anyone is a domain admin in a w2k domain, they can take ownership of a folder and then change permissions on that folder.
N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)
-
March 21st, 2003, 10:51 PM
#5
Junior Member
Strictly speaking though CXGJarrod, you don't need to be a domain admin to do that, anyone who is a member of the local administrators group on the server (which does of course include domain admins, but could also include others) could take ownership.
I'd still suggest putting in auditing to see whats going on. Even an admin who takes ownership, then resets the permissions will be logged. If they clear the sec.log then you'll see that they cleared the sec.log as the first event in the newly cleared sec.log (provided of course you've not set the sec.log to overwrite when full, but then you're asking for trouble if you do that....)
[glowpurple]$ _[/glowpurple]
-
March 21st, 2003, 11:24 PM
#6
SysDrop: I was just trying to give an example, but you are correct....
N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)
-
March 22nd, 2003, 12:07 AM
#7
One of the biggest problems I have seen is users who prepare files under "Desktop" on their local machine (NT4/ Win2k, NTFS), then move/copy them to the server.
When you copy files in NT / Win2k, it attempts to copy the permissions. It often fails to do so, because the files were originally owned by a local user who doesn't exist on the server. In this case, the files end up with severely limited access.
Encourage people not to prepare files under "Desktop" - as this directory is normally restricted. Either encourage users to prepare files directly on the server or in another, unprotected directory locally, then when they move them to the server the permissions will be more appropriate.
-
March 22nd, 2003, 12:22 AM
#8
Files NTFS permissions are *preserved* when copied or moved on the *same volume ("drive")*.
Files NTFS permissions are *inherited from parent directory* when copied or moved to a *diffrent volume ("drive")*
Hope this clears things up.
Ammo
Credit travels up, blame travels down -- The Boss
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|