Bizarre Permission Behavior...

[Guest]

Archived from groups: microsoft.public.win2000.file_system (More info?)

We've since migrated to Server 2003, but we need to keep an NT 4.0 BDC online
for awhile, so we are in Mixed-Mode. Problem is, strange things are
happening when you attempt to set NTFS Permissions on this NT 4.0 BDC
(Service Pack 6a).

Off of the Root of C:\ are two folders created a few moments apart as a test
to address this same problem that was discovered today:

Created Folder-1
Created Folder-2

Root Share: Everyone Full Control

Folder SHARE: Everyone Full Control on both.

NTFS Permissions on both:

Folder-1 is set for Administrator, Domain Admins at the NTFS Level. No other
Users or Groups. No one else can get in. Access denied. End of story.

Folder-2 also is set for Administrator, Domain Admins at the NTFS Level. No
other Users or Groups.

Here is where it is strange: ANYONE can breech Folder-2 across the network,
despite it's IDENTICAL permissions.

Any idea what's going on here? Same Permssions, same disk.

This has me thoroughly stumped. FWIW, this system is some seven years old;
don't know if there could be corrupted clusters causing this or not....

 

[Guest]

Archived from groups: microsoft.public.win2000.file_system (More info?)

Compare the "share" permissions of the two folders.


hth
DDS W 2k MVP MCSE

"GLT" <GLT@discussions.microsoft.com> wrote in message
news:C129269B-EADA-4232-B8A1-46B3EB6B5DE3@microsoft.com...
> We've since migrated to Server 2003, but we need to keep an NT 4.0 BDC
> online
> for awhile, so we are in Mixed-Mode. Problem is, strange things are
> happening when you attempt to set NTFS Permissions on this NT 4.0 BDC
> (Service Pack 6a).
>
> Off of the Root of C:\ are two folders created a few moments apart as a
> test
> to address this same problem that was discovered today:
>
> Created Folder-1
> Created Folder-2
>
> Root Share: Everyone Full Control
>
> Folder SHARE: Everyone Full Control on both.
>
> NTFS Permissions on both:
>
> Folder-1 is set for Administrator, Domain Admins at the NTFS Level. No
> other
> Users or Groups. No one else can get in. Access denied. End of story.
>
> Folder-2 also is set for Administrator, Domain Admins at the NTFS Level.
> No
> other Users or Groups.
>
> Here is where it is strange: ANYONE can breech Folder-2 across the
> network,
> despite it's IDENTICAL permissions.
>
> Any idea what's going on here? Same Permssions, same disk.
>
> This has me thoroughly stumped. FWIW, this system is some seven years old;
> don't know if there could be corrupted clusters causing this or not....
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.file_system (More info?)

Hi Danny,

They're identical. CACLS confirms this as well. Also, note that this is only
happening on a few random directories, plus the two I created when we first
noticed this problem. Other dirs that are locked down, are locked down good
and tight.

"Danny Sanders" wrote:

> Compare the "share" permissions of the two folders.
>
>
> hth
> DDS W 2k MVP MCSE
>
> "GLT" <GLT@discussions.microsoft.com> wrote in message
> news:C129269B-EADA-4232-B8A1-46B3EB6B5DE3@microsoft.com...
> > We've since migrated to Server 2003, but we need to keep an NT 4.0 BDC
> > online
> > for awhile, so we are in Mixed-Mode. Problem is, strange things are
> > happening when you attempt to set NTFS Permissions on this NT 4.0 BDC
> > (Service Pack 6a).
> >
> > Off of the Root of C:\ are two folders created a few moments apart as a
> > test
> > to address this same problem that was discovered today:
> >
> > Created Folder-1
> > Created Folder-2
> >
> > Root Share: Everyone Full Control
> >
> > Folder SHARE: Everyone Full Control on both.
> >
> > NTFS Permissions on both:
> >
> > Folder-1 is set for Administrator, Domain Admins at the NTFS Level. No
> > other
> > Users or Groups. No one else can get in. Access denied. End of story.
> >
> > Folder-2 also is set for Administrator, Domain Admins at the NTFS Level.
> > No
> > other Users or Groups.
> >
> > Here is where it is strange: ANYONE can breech Folder-2 across the
> > network,
> > despite it's IDENTICAL permissions.
> >
> > Any idea what's going on here? Same Permssions, same disk.
> >
> > This has me thoroughly stumped. FWIW, this system is some seven years old;
> > don't know if there could be corrupted clusters causing this or not....
> >
> >
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.file_system (More info?)

I once saw this at one customer, but then it was something rather
unusually...

Domain Users was a member of the administrators group in the domain.
Cute little thing

But im sure this is not your case!

/J

"GLT" <GLT@discussions.microsoft.com> wrote in message
news:C129269B-EADA-4232-B8A1-46B3EB6B5DE3@microsoft.com...
> We've since migrated to Server 2003, but we need to keep an NT 4.0 BDC
online
> for awhile, so we are in Mixed-Mode. Problem is, strange things are
> happening when you attempt to set NTFS Permissions on this NT 4.0 BDC
> (Service Pack 6a).
>
> Off of the Root of C:\ are two folders created a few moments apart as a
test
> to address this same problem that was discovered today:
>
> Created Folder-1
> Created Folder-2
>
> Root Share: Everyone Full Control
>
> Folder SHARE: Everyone Full Control on both.
>
> NTFS Permissions on both:
>
> Folder-1 is set for Administrator, Domain Admins at the NTFS Level. No
other
> Users or Groups. No one else can get in. Access denied. End of story.
>
> Folder-2 also is set for Administrator, Domain Admins at the NTFS Level.
No
> other Users or Groups.
>
> Here is where it is strange: ANYONE can breech Folder-2 across the
network,
> despite it's IDENTICAL permissions.
>
> Any idea what's going on here? Same Permssions, same disk.
>
> This has me thoroughly stumped. FWIW, this system is some seven years old;
> don't know if there could be corrupted clusters causing this or not....
>
>