• Creator
  • #2147760

    Server 2003 Security/Permission Problems


    by zack_chimento ·

    We are having rampant file and folder “access denied” issues with our windows 2003 server. Even sitting on the server logged in as local AND domain admin wont let me access the files/folders. Then I find our structural engineer CAN access the files/folders. This leaves me to believe we have bad ACL’s, permissions, or Group Policies. Three shared drives in particular contain data vital to my company. Any recommendations of exactly how to remove all permissions and security settings from these drives?
    Also, as a note, when I’ve attempted to change the permissions of the said files/folders I am told I cant set permissions as I don’t have the rights…

All Answers

  • Author
    • #2563615


      by zack_chimento ·

      In reply to Server 2003 Security/Permission Problems


    • #2563559

      Might want to watch that engineer. :)

      by bart777 ·

      In reply to Server 2003 Security/Permission Problems

      This can happen when someone takes ownership of files\folders.

      The only way to correct the situation is to take ownership as the administator (Local or domain) then reset the folder and share security.

      One thing to verify is that ONLY the administrators have Full Control access to anything. Domain users and other groups should have change rights at the NTFS level.

      So from the top level folders take ownership and have it Replace on all subfolders and files.(Check box at bottom) Let it do it’s thing. Depending on the number of files involved this could take some time. Once complete change the security on all shares to Domain Users Full control, IMPORTANT!!! ONLY DO THIS TO THE SHARE. This allows you to use NTFS to control the file access at a more granular level.
      Now change the NTFS security on the folders to what you want. Again make sure that the only groups that have Full Control at the NTFS level are the Administrive level accounts. This might also be a good time to verify that you domain administrator user group isn’t bloated with people who have no reason to be there.

      Hope this helps.

      Let us know if you have any problems.

Viewing 1 reply thread