none
NTFS permissions altered during cut/paste operation RRS feed

  • Question

  • I had an outage yesterday which was somehow created by me. I'm not even sure how to search for this. I figured I'd reach out to your guys, you must have some in-depth knowledge about about the inter-workings of SMB and NTFS. 

    Question: How did the permissions change from source share by performing a cut/paste operation?

    Scenario: 
    \\srv1\data is really w:\o\data
    \\srv1\retired is really w:\r\retired
    Explorer.exe on client1 over SMB caused the issue.

    Cut from \\srv1\data\folder pasted at \\srv1\retired\12122019\folder

    During the process, client1 becomes unresponsive and needs to be shutdown. At that time the group 'domain users' was replaced by the 'folder' security group. 

    Service restored by re-applying the 'domain users' group to \\srv1\data

    Anybody got a clue how this could happen. I have an audit log from srv1 that describes the event. I removed the bits that describe my environment:

    Removed Group permissions: GLOAD\Domain Users (Allow: List folder / read data, Read extended attributes, Traverse folder / execute file, Read attributes, Read permissions, Synchronize) Apply onto: This folder only

    Added Group permissions: GLOAD\CD-Paper Processing Glo1 PEditor RO (Allow: List folder / read data, Read extended attributes, Traverse folder / execute file, Read attributes, Read permissions, Synchronize) Apply onto: This folder only

     

    Any help appreciated!

    Keith


    Keith

    Saturday, December 14, 2019 3:20 PM

All replies

  • What antivirus or "security solution" do you have on the client?

    Or maybe a "continuous backup", or other thing that can interfere in filesystem behavior?

    -- pa

    Saturday, December 14, 2019 11:34 PM
  • Thanks for posting!

    Sure AV is a possibility on the client. Not so much onthe server. Backups only occur nightly.

    We also use a client based DLP called Digital Guardian.

    But if either of those is the issue I wouldn't know where to begin to positively identify the issue (if I can reproduce it.)

    -Keith


    Keith

    Saturday, December 14, 2019 11:50 PM
  • Hello keithcorkran,

    Could you help to confirm the following information?

    1. What permissions of the \\srv1\data\folder and \\srv1\retired\12122019\folder have? You can check both shared permission and NTFS permission and show the result.
    2. Have you tried to access these folder from the client? You can verifying client access using WINAPI in C++ following this document.

    References:

    Verifying Client Access to a Requested Resource in C++

    Verifying Client Access with ACLs in C++

    Best regards,

    Rita


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, December 16, 2019 8:12 AM
    Moderator