File Server Permission Woes

Similar Messages

• Permission and ownership in Server 2003 and 2008 file server

  I have an issue but I am not sure if these are the designs of the file server permissions. I have one user who has the modify rights to modify/read and create folders in a share folder. In the share folder, she had created a subfolder; so she should
  be the owner of the subfolder and her security permission is modify. By right, modify does not have the rights to assign the permission to other users but as owner, she does. Does this mean that the folder owner supersede the security? And is this possible
  to avoid this? eg. folder owner but does not have the rights to assign permissions to other user to access. Thanks a lot.

  Hi Thim,
  >>Does this mean that the folder owner supersede the security?
  If the user is the Owner of the folder, he or she should have Full Control permissions to the folder,
  which means the user can do anything to the folder.
  >>And is this possible to avoid this? eg. folder owner but does not have the rights to assign permissions to other user to access.
  As far as I know, unless we deprive the user of the ownership, we can't achieve this.
  Regarding file and folder permissions, the following article can be referred to for more information.
  File and Folder Permissions
  http://technet.microsoft.com/en-us/library/cc732880.aspx
  Best regards,
  Frank Shen

• Windows Server 2012 R2 robocopy not copying inherited directory permission from source file server to destination ?

  Can anyone here please help me with Robocopy on Windows Server 2012 R2 to copy the file server content from \\OldFileServer\Data share into the local S:\Data drive ?
  here's my script that I use to copy 11 TB of file server contents:
  robocopy.exe "\\OLDFILESERVER\Data" S:\Data *.* /E /SECFIX /SEC /XO /ZB /COPYALL /MIR /DCOPY:DAT /R:0 /W:0 /NP /NFL /NDL /TEE /LOG:"G:\robocopy.log"
  Any kind of help and assistance would be greatly appreciated.
  Thanks
  /* Server Support Specialist */

  Hi,
  Based on my tests, inherited permissions will not be copied using robocopy.exe.
  That’s because that after we copy or move an objects to another volume, the object inherits the permissions of its new parent folder.
  My suggestion for you is to disable the inheritance on corresponding subfolders, and Convert inherited permissions into explicit permissions on this object. After that, those permissions can be copied.
  Here are some references below for you:
  Robocopy not copying NTFS permissions
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/b36748cd-14d1-47a5-9fb6-878ca93ad6fc/robocopy-not-copying-ntfs-permissions
  How permissions are handled when you copy and move files and folders
  http://support.microsoft.com/kb/310316
  Powershell ACL commands? NTFS Permissions - Turn inherited permissions into explicit permissions and remove inheritance
  http://social.technet.microsoft.com/Forums/scriptcenter/en-US/884e2837-ec1d-4937-83a5-722cd00d7d16/powershell-acl-commands-ntfs-permissions-turn-inherited-permissions-into-explicit-permissions-and?forum=ITCG
  Best Regards,
  Amy

• Approx 700 Files being deleted from file server (server 2003) without permission

  Hello,
  We had a problem with files being deleted from our file server.
  We lost approx. 700 files across approx. 40 directories from the file date codes between Nov. 30 2014 and Dec 3, 2014. All files before this date were not touch.
  Our Dec. 1 backup had all of the files. Our Dec. 5 backup only have files before Sept. 1 2014 and after Dec. 3, 2014.
  My question is how can this happen without going to each directory and sorted my date cade and delecting files from this date range.
  Does anyone have any other ideals on how this could of happen?
  Thank You
  Bert

  Hi,
  I suggest you enable file system auditing to find out the cause of this issue.
  AD DS Auditing Step-by-Step Guide
  http://technet.microsoft.com/en-us/library/cc731607(v=WS.10).aspx
  Planning and Deploying Advanced Security Audit Policies
  http://technet.microsoft.com/en-us/library/ee513968(v=WS.10).aspx
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Source path too long :-Unable to delete mutiple number of folder and files from windows 2008 R2 file server

  Hi Team,
  we have a file server on windows server 2008 R2, I have copied some data from one server to another server using robocopy . I have checked access permission it seems okay no issues with access permission. but when i am trying to delete these folder i am
  getting below error message
  Error message:- 
  The source file name are larger than is supported by the file system.try moving to a location which has a shorter path name or try renaming to shortcut names before attempting this operations
  Regards,
  Triyambak 
  Regards, Triyambak

  I have tried everything , but nothing help , getting same error 
  could any one help me regarding this.
  Regards, Triyambak
  I have not looked at the other thread mentioned, but usually when this ends up happening, There are several ways to go about it.    One is to map a drive to the UNC path deeper into the folder structure.   
  So instead of C:\long\path\that\we\dont\want\files\in
  You map a drive.. lets say M:\   to     \\computer\c$\long\path\that\we\dont\want
  Now, when you open Explorer to M:\ you've elimintated the length of the path down to M:\files\in which is completely usable.
  The other way, is to shorten the names of everything.    For example...
  Folder structure like this:
  Root
  -----Folder1
  -----Folder2
  --------------Folder2A
  -----Folder3
  --------------Folder3A
  Rename all the folders to shorten up the path.     Rename Folder1 to '1' Rename Folder2 to '2', Rename folder3 to '3.    Then try to delete.  If it's still too long,  go one folder deeper.   Rename Folder2A to '1'  and
  Rename Folder3A to '1' and so on.     Basically keep renaming everything to a single digit character and eventually you'll shrink the path down to where you can shift-delete everything remaining.
  Hope that helps.    
  Brian / ChevyNovaLN

• Migrate File Server data from one volume to another

  I am looking for the best way to handle this situation. We have a VHD that has a 4KB cluster size that is getting close to the 16TB mark so no expanding past that due to the cluster size. In the past whenever i needed to pull this off i would preload as
  much data as possible with robocopy, then during a maintenance window take the share offline, do a refresh with robocopy then flip everything that i needed to flip drive letter and share setup etc.
  I have the space to do a complete copy like this so that is not an issue. But other things to keep in mind are the data is deduplicated so we are talking 20TB total. The other is the backup of the File Server is done at a file level with DPM so DPM will
  see this as a new volume and be an issue.
  At this point i have time to plan and am just looking for ideas.

  Hi,
  If you want to copy files/folders from one Volume to another volume, you could use the File Server Migration Tool (FSMT) or Robocopy to accomplish.
  The tool can move all of the files from the shares on your original volume to the new volume.
  FSMT and Robocopy will not copy Share permissions but only NTFS permissions. So if the drive letter will not be changed, you can backup and restore the Share permission with steps here:
  Saving and restoring existing Windows shares
  http://support.microsoft.com/kb/125996
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Auditing file server setup issues - nfs permissions

  I have half-dozen Solaris 10 workstations requiring Solaris Auditing enabled and audit files saved. I used a spare Solaris 10 system with 2-72GB disks and formatted 2nd disk for entired 72GB. I shared out the 72GB partition on this system and modified /etc/security/audit_control on a test Solaris 10 W/S to use the shared-out partition on Audit file server as primary audit directory. Following directions in Solaris 10 Admin Gde I chmod -R 750 the mount pt using the 72GB partition before sharing out the partition. However, all client W/S's that I enable Auditing would not use the 72GB partition on file server until I went back and chmod 777 the partition and rebooting file server. Also, on any client that I have enabled Auditng to use nfs-mounted 72GB partion on file server I cannot as a non-root user issue a "df -k" command without getting error:
  df: cannot statvfs /var/audit/fmaud.1/files: Permission denied
  Is this normal or did I miss a chmod step or two in setting up Audit clients and/or Audit file server?

  The roundcube db schema needs to setup manually. See /usr/share/webapps/roundcube/INSTALL
  Also, from your /etc/webapps/postfixadmin/config.inc.php:
  $CONF['domain_path'] = 'NO';
  $CONF['domain_in_mailbox'] = 'YES';
  $CONF['maildir_name_hook'] = 'NO';
  ..which results in /var/mail/vmail/[email protected]
  From your dovecot.conf
  mail_home = /var/mail/vmail/%d/%u
  ...which results in /var/mail/vmail/domain.com/user
  That doesn't fit together.

• Can anyone help me?Creating the shadow copies in the file server cluster ,there are some errors occured, OS version is WSS 2012

  I construct a failover cluster(file server,AP module) for sharing files by WSS 2012,and I want to use the shadow copies to backup my data,but when making  a shadow copies on the volume which  is added to the cluster(not the CSV,just add
  it to the cluster and use it to share files,it plays the role of file server),there are some errors occured, these errors result in the shadow copies failed,error likes the following pictures:
  1: the disk F is added to the cluster,first I make the shadow copies by click the right key of mouse on the disk F,and chouse the configeration shadow copies,and click the settings, then click the schedule , and I wait just a few seconds, the error is appeared,like
  this picture 1, the wait operation timed out,and then ,
  I click the schedule button once again,a different error occured,like the following picture," the object already exists",if i don't set the schedule at first ,use the default shedule,and click the enable button also the same  error must 
  accure
  but the only diffrence is that, a shadow copy time point is created, also ,you can make the shadow copies by click " create now", that is creating the shadow copies manually. Although it can succesfully make the shadow copies, but when I select
  a time point to revert, error  occured, "A volume that contains operating system files or resides on a cluster shared disk cannot be reverted" 
  In a word,all the errors above make the shadow copies by schedulling failed,except making the shadow copies manually,but what makes me confused is that I have ever maked the shadow copies succesfully by schedul a policy,I don't know what makes it succesful,
  it's small probability, most of time ,it's failed.No matter what kind of situation, revert must be failed.
  I'm sorry for my pool english , it's the first time for me getting help in forum by english ,I don't know if I descripe my question clearly, also ,other method like the link
  http://technet.microsoft.com/en-us/library/cc784118(v=ws.10).aspx I have tried,but the same errors occured.Can anyone tell me How can I make the shadow copies in File Server
  cluster（AP module）？And I make a mistake in operating？ Looking forward for your reply.Thanks!

  Hi,
  Please check the following 2 places:
  HKEY_LOCAL_MACHINE\Cluster\Tasks
  C:\Windows\System32\Tasks
  First please compare permission settings of the folder C:\Windows\System32\Tasks with a working computer. Correct permission settings if anything wrong. Specifically, confirm you current account do have permission on this folder.
  As it said "object already exists", find the schedules you created before, backup and delete all these schedules in both registry key and folder.
  Then test to create a new schedule to see if issue still exists.
  Meanwhile what kind of storage device you are using? The issue could occur on specific storage device, so test to enable shadow copy on a local disk to see if that will work.
  TechNet Subscriber Support in forum |If you have any feedback on our support, please contact [email protected]
  Thank you for you reply.On the local volume,all of these errors will not occur, but the volume in the file server cluser.There is no value in HKEY_LOCAL_MACHINE\Cluster\Tasks. On local volume, everything goes well about the shadow copy, so I do not
  think something is wrong about the permission settings of the folder C:\Windows\System32\Tasks.Storage device  is a SAN,we use RAID6 and provide the LUNs to the NAS engine, and the make the volume on these LUNs, Is Angthing wrong? Hope for you
  reply~~

• Allow help desk to manage open files on file server

  I am looking to delegate the ability to manage open files to our help desk users.  They are getting an increasing number of calls from users asking about files and who has them open, or to force close them..etc.
  The help desk users are not admins on our file server, therefore do not have access to RDP to the file server.  I was hoping they could do it from computer management RSAT tools on their local machine.  I just don't know how to allow them to do
  it.
  Thanks
  sb

  Hello,
  Since they are not able to RDP the FS then they should need to access files using shared folders.
  For that, you will need to share the root folder where your files are. Please give Full Control permission on it. Here, to manage their permissions, you can grant them what you want using NTFS permissions.
  Note that NTFS and Share permissions are combined and the user will be have the minimum of privileges when he access the folder as a share. For that, I recommended using FC permission on the shared folder to avoid additional management tasks.
  This
  posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   
  Microsoft
  Student Partner 2010 / 2011
  Microsoft
  Certified Professional
  Microsoft
  Certified Systems Administrator: Security
  Microsoft
  Certified Systems Engineer: Security
  Microsoft
  Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
  Microsoft
  Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
  Microsoft
  Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
  Microsoft
  Certified Technology Specialist: Windows 7, Configuring
  Microsoft
  Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
  Microsoft
  Certified IT Professional: Enterprise Administrator
  Microsoft Certified IT Professional: Server Administrator
  Microsoft Certified Trainer

• File Server Migration - For ORG A Forest to ORG B Forest ( Need to create and Map Security Group automatically on new Migrated Folders - Please Help

  I have two forest With Trust works Fine .
  I have file server in ORG – A ( Forest ) with 2003 R2 Standard
  I have a File server in ORG  - B ( Forest ) With Windows server 2012 ( New Server for Migration )
  I have 1000 + folders with each different permission sets on ORG-A. We are using Security groups for providing permission on the share Folders on ORG A
  I need to Migrate  all the folders from ORG – A to ORG – B.
  I am looking for an automated method of creating Security Groups on AD during the Migration, Once the Migration is Done, I can add the required users to the security groups manually.
  Example.
  Folder 1 on ORG – A has Security Group Called SEC-FOLDER1-ORGA
  I need an automated method of Copying the files to ORG – B and Creating a new security Groups on ORG –B Forest with the same permission on parent and child Folders. I shall Add the users manually to the Group.
  Output Looks Like
  Folder 1 on ORG – B has Permission called SEC-FOLDER1-ORGB ( New Security Group )
  Also I need a summarized report of security Group Mapping, Example – Which security Group on ORGA is mapped with Security Group Of ORGB

  Hi,
  I think you can try ADMT to migrate your user group to target domain/forest first. Once user groups are migrated, you can use Robocopy to copy files with permission - that permission will continue be recognized in new domain as you migrated already. 
  Migrate Universal Groups
  http://technet.microsoft.com/en-us/library/cc974367(v=ws.10).aspx
  If you have any feedback on our support, please send to [email protected]

• Windows 2012 Standard File Server Clustering SMB Share Error: Access is denied.

  Hi All,
  My setup consist of 2 nodes clustered with File Server role.  I can successfully failover role to either node with no issues.  But if I try to modify the permissions of any file share on my file server cluster I get the following error: Error
  Occurred while updating an SMB share: Access is denied.  Access is denied.
  Now I played around with the permissions on these shares and noticed that when I add the "everyone" group to these shares with change permissions I can successfully modify the shares with no errors.  If I removed the "everyone" group
  I get the error.  So to tell its like some service or account needs permission to these shares to be able to modify them.  I don't want to keep "everyone" group on these shares.  Can anyone please shed some light on what group, user,
  or service account needs permissions on these shared in order for me to modify these SMB shares without getting Access is denied.  Thanks

  Hi,
  It seems your account don’t have the enough right to modify this clustered folder permission.
  More information:
  Create a Shared Folder in a Clustered File Server
  http://technet.microsoft.com/en-us/library/cc732302.aspx
  Hope this helps.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• FILE.IO.PERMISSION and SOCKET.PERMISSION when calling jdev proxy from DB

  Hello everybody,
  i deployed a webservide proxy (made in jdev 10.1.3.2) to an oracle 10gR2 database. Invoking this proxy works very well when calling it (as a procedure in the database) on the same machine as the DB is running.
  But when trying to invoke the procedure remote on the DB-server from another pc i get 2 error messages (randomly):
  java.security.AccessControlException: the Permission (java.net.SocketPermission 192.168.20.1:1521 connect,resolve) has not been granted to VECOZO. The PL/SQL to grant this is dbms_java.grant_permission( 'VECOZO', 'SYS:java.net.SocketPermission', '192.168.20.1:1521', 'connect,resolve' )
  java.security.AccessControlException: the Permission (java.io.FilePermission \\WEBFS01\WEBFS01_Vecozo\Temp\Acc\MAY07 read) has not been granted to VECOZO. The PL/SQL to grant this is dbms_java.grant_permission( 'VECOZO', 'SYS:java.io.FilePermission', '\\WEBFS01\WEBFS01_Vecozo\Temp\Acc\MAY07', 'read' )
  I gave this permissions in the sys schema to the vecozo schema following the example the error produces for me, but it doesnt work! When i grant socketpermissions on the port secified by the error and i run the proxy again the db comes up with the same error, only with a different port number. I'm getting crazy here. Also the granting of the file.io permission seems to have no result.
  What is strange is that it all works when invoking the proxy locally (from the pc as where the db is running). I think this is because locally you dont need socketpermissions (as sockets are primarily for communication with other pc's). Furthermore i did not even grant the file permission when working locally in my testenvironmentand it all worked just fine. so i dont know why i suddenly need this permission when invoking the procedure on the productionserver from an external pc.
  Can somebody plz help me with this????
  greetz,
  Kim

  Anybody :)

• File Server Resources Manager not sending emails

  Appears that the SMTP settings are not being set correctly via FSRM.  Using 2012 R2
  I get the below error in the event log when I try to configure them (via options/email notifications tab).  If I click the 'send test email' button I get the test email which tells me my SMTP server is fine.  Seems like I'm getting an access
  denied message whenever I try to save the SMTP settings.  I already tried restarting the server as well as running the FSRM console using the 'run as admin' command.
  Source:  SRMSVC
  EventID:  16401
  The following access-denied assistance error configuration was modified:
  Error: 5
  Enabled: FALSE
  Client Display Flags:
  Error Message: This can occur if you don't have permission to access the file or folder, or if your computer doesn't meet security policy requirements.
  Message from the administrator of the file server:
  - Ask your manager if you're in the right security groups
  - For troubleshooting information, go to <a href="http://support.microsoft.com">Microsoft Support</a>
  If you need more help, click Request assistance.
  Email Flags: Put data owner on TO line, Put administrator on TO line, Include device claims, Include user information, Generate an event log when sending mail
  Additional To Emails:
  Email Message: For general support, contact: [Provide email address]
  For share permissions support, contact: [Provide email address]

  Hi,
  Please try to assign the "Send-as" permission from the adsiedit.msc to the user account.
  Is the SMTP server hosted on an Exchange server? If so, I suggest you ask for help from Exchange forums for better and accurate answer to the question.
  http://social.technet.microsoft.com/Forums/exchange/en-US/home?forum=exchangesvrdeploylegacy
  Regards,
  Mandy
  If you have any feedback on our support, please click
  here .
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• G5 to use as file server?

  I have an old G5 1.8DP that I want to set up in the office as a file server. I also have a Netgear ReadyNas box that I use as for RAID storage for my archive, plugged into my LAN via a Netgear gigabit switch.
  Problem is that the ReadyNas has permission problems which prevent use file sharing. Could I use the G5 as a sharepoint on my network so the other 4 Macs on the LAN can connect? If so, how would it need to be configured
  The G5 is running 10.5, wasn't sure if I would need server software to do this.
  Also, would it be possible to use the G5 as a Time Machine back-up for the other Macs?
  Lat question, could the G5 be used for office tasks if it is used a file server? Currently it's a spare machine used in emergencies.
  Any help much appreciated, my networking knowledge is pretty patchy!

  What I'm unsure of is how do I specify a central shared location and have that automounted on each machine on the network
  That's why I added the clause about it depending on your current network setup.
  If you have a series of standalone machines then that's fine, but the file server will need to have an account for each user in order for everyone to log in independently and that's where it starts to get sticky. Without a central directory users will have two accounts - one on their own machine and one on the server. You now start to get into problems with passwords (although the accounts may have the same name, users will (or could) have different passwords on the server from their local machine, and changing one does not change the other.
  With a central directory each user has one account across the network, which radically simplifies file sharing, automount, etc.
  What I'm unsure of is how do I specify a central shared location and have that automounted on each machine on the network?
  Well, the automounting is easy once the file server is setup - just mount it once and drag the icon to System Preferences -> Accounts -> (your account) -> Login Items.
  Am thinking that it may be worth my while buying OSX 10.6 server (if that will run on a PPC machine?).
  10.6 is decidedly Intel-only, so it won't run on your G5. It may be possible to pick up a copy of 10.5 server, though.
  You will also need Mac OS X Server if you have more than 10 clients in your network (Mac OS X client's filesharing is limited to 10 clients), but at that point you should consider that a brand new Mac Mini Server costs as much as the unlimited client Mac OS X Server 10.5 software...
  It would be really handy to set a TM back-up routine for all networked machines using the G5 rather than buying another NAS box, as the G5 has a spare drive bay.
  Using the server for Time Machine requires Mac OS X Server - Mac OS X client can't do that.

• Ownership of folders in file server

  Hi Guys,
  I am facing a problem with my file server. I have a file server installed windows server 2008 R2 Standard SP1 in it. There are 4 drives and almost 99% folders are created by 1st domain user account having domain admin rights.
  Because I was facing problem that 2nd domain user account having domain admin rights was not able to open, change permissions of shared folders and giving error access is denied, so I logged on with 1st domain user account having domain admin rights
  and transferred the ownership to local admin group (local admin user account resides in this group). So that I can make any kind of changes through local admin account.
  Now I can open and provide permissions on single folders through local admin account but still I cant select 'replace all child object permissions from this object' option any where while assigning permissions and getting error access denied.
  And I can see 1st domain user account having domain admin rights is still present in ownership tab with local admin group. Ownership has transferred successfully because I got no error while doing that, so what would be the solution for this?
  Is there any way we can remove unwanted owners from 'security-advanced-owner-edit' tab and can keep only one owner we want?

  Hi,
  I'm a little confuse about the process.
  Why not just logon your 1st user and give 2nd user (or Domain Admins group) Full Control permission in NTFS permission instead? Transfer Ownership is not a common step for this purpose.
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]