TechRepublic|Forums|Networks

Networks

Question

  • Creator
    Topic
  • May 15, 2008 at 10:38 am #2147760

    Server 2003 Security/Permission Problems

    Locked

    by zack_chimento · about 14 years, 3 months ago

    We are having rampant file and folder “access denied” issues with our windows 2003 server. Even sitting on the server logged in as local AND domain admin wont let me access the files/folders. Then I find our structural engineer CAN access the files/folders. This leaves me to believe we have bad ACL’s, permissions, or Group Policies. Three shared drives in particular contain data vital to my company. Any recommendations of exactly how to remove all permissions and security settings from these drives?
    Also, as a note, when I’ve attempted to change the permissions of the said files/folders I am told I cant set permissions as I don’t have the rights…

    Topic is locked This conversation is currently closed to new comments.
  • Creator
    Topic

All Answers

  • Author
    Replies
    • May 15, 2008 at 10:38 am #2563615

      Clarifications

      by zack_chimento · about 14 years, 3 months ago

      In reply to Server 2003 Security/Permission Problems

      Clarifications

    • May 15, 2008 at 11:54 am #2563559

      Might want to watch that engineer. :)

      by bart777 · about 14 years, 3 months ago

      In reply to Server 2003 Security/Permission Problems

      This can happen when someone takes ownership of files\folders.

      The only way to correct the situation is to take ownership as the administator (Local or domain) then reset the folder and share security.

      One thing to verify is that ONLY the administrators have Full Control access to anything. Domain users and other groups should have change rights at the NTFS level.

      So from the top level folders take ownership and have it Replace on all subfolders and files.(Check box at bottom) Let it do it’s thing. Depending on the number of files involved this could take some time. Once complete change the security on all shares to Domain Users Full control, IMPORTANT!!! ONLY DO THIS TO THE SHARE. This allows you to use NTFS to control the file access at a more granular level.
      Now change the NTFS security on the folders to what you want. Again make sure that the only groups that have Full Control at the NTFS level are the Administrive level accounts. This might also be a good time to verify that you domain administrator user group isn’t bloated with people who have no reason to be there.

      Hope this helps.

      Let us know if you have any problems.

  • Author
    Replies
Viewing 1 reply thread