Re: Clients overwrite default AD permissions intermittently

From: Chris (murray@apex.net)
Date: 08/05/02


From: Chris <murray@apex.net>
Date: 4 Aug 2002 19:11:15 -0500

Hey Bruce,

The "shared file array" is our file server storage volume. People save
their work from their own client computers into this structure. Domain
Users have access to most files and folders there. What I mean by
"Backup Domain" is that our backup is performed from a backup server
in another domain. I said AD permissions just to be brief. Yes, we're
using W2K server with NTFS and W2K clients/NTFS.

Here are the permissions applied to all files/folders and propagating
from the root of the shared storage volume:

Administrator > Full
Domain Admins > Full
"Backup Domain" Administrator > Full
"Backup Domain" Domain Admins > Full
Domain Users > Full

In the case of the files that overwrite our "normal" or "default"
permissions I find the above replaced with:

Administrator > Full
"User" > Full

The backup machine uses the "Backup Domain" Administrator account as
its service account.

The files in question are copied from the client machines, but not
moved around in the same "shared file array" volume.

Interestingly, the new folder the user creates at the time that the
offending files are copied into it has the correct permissions.
Also, other files in that folder will have the "default" permissions,
same as the new folder.

I'll have to interview the user tomorrow about the folder where the
files were created. He actually got the two recent files through email
in .sit form. This is happening intermittently with only 4 out of 40
users. Some of the files are rendered images that were created on the
client machine. In one case, the user works out of his local documents
and settings "personal" folder. This may be true of the other three
users. This most recent case may have had the files in "My Documents"
which do carry the same permissions, Administrator and "User" only. I
see that his current project work folders are under "My Documents".

>what are the
>permissions on the folder where the file was created

I know where you are going with this, and I understand the value of
finding out. I will. The thing is, I thought that the origin should
not ultimately matter since the files should inherit the permissions
from the volume they are writing to.

Why do these files' permissions take precedence over the "default"
permissions on the volume they are being placed?

Thanks for your comments

On Sun, 04 Aug 2002 08:52:32 -0400, BruceS <bruce@senexet.com> wrote:

>Chris,
>First of all, I'm not sure what a "shared file array" is or what the
>"backup domain admins" group is, but let me make a couple comments.
>
>Since you mentioned AD permissions, I will assume we are talking about
>Windows 2000 Server with NTFS permissions. If your backups are
>performed by someone with membership in the default "Backup Operators"
>built in group, all files should be backed up regardless of security
>settings. That's the main reason to have this group. If this isn't
>working, it may be that you aren't doing backups by a member of this
>group or the default rights for the group have changed, or some deny
>permission is messing things up.
>
>It would be difficult to troubleshoot why a file doesn't have the
>desired permissions without more information (such as what are the
>permissions on the folder where the file was created, was the file moved
>from one folder to another within the same NTFS volume, etc.)
>
>-Bruce
>
>
>Chris wrote:
>
>> On a shared file array, we set permissions such that Administrator,
>> Domain Admins and Domain users, and backup domain Admins, have Full
>> access to files and folders. This propagates from the root on down to
>> all child objects. All users have local admin rights on their own
>> machines.
>>
>> In a few cases, intermittently, users place files that end up with
>> "Administrator" and their own account only, with full permissions.
>> The default permissions have been removed/replaced. This means that
>> others cannot access the files. It also makes our backups fail. We
>> have some Macs on the network but I can't make a distinct correlation
>> to them. (In a couple of cases the files passed through the Macs, but
>> not always.)
>>
>> I've talked to a couple of pros about this but they are stumped. Also,
>> I've posted this problem to other groups with no responses.
>>
>> Any ideas?
>>
>> Tnx
>>
>
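
One way to locate the affected files on the volume, as an added example that is not part of the original thread: a PowerShell audit that flags items with no inherited entries, with inheritance blocked, or without an allow entry for the expected group. PowerShell postdates the Windows 2000 systems discussed, so this assumes a newer administrative host; the root path `D:\Shared` and the group name `EXAMPLE\Domain Users` are assumed placeholders.

```powershell
# Added example: audit a share for items whose ACL no longer matches the
# inherited defaults. $Root and $ExpectedGroup are assumed placeholders.
param(
    [string]$Root          = 'D:\Shared',
    [string]$ExpectedGroup = 'EXAMPLE\Domain Users'
)

function Get-AclDrift {
    param([string]$Path, [string]$Group)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # An unreadable ACL is itself a finding: the auditing account is locked out,
        # which is the same condition that makes a backup job fail on the file.
        return [pscustomobject]@{
            Path = $Path; Finding = 'ACL unreadable'; Owner = $null; Principals = $null
        }
    }
    $rules     = @($acl.Access)
    $inherited = @($rules | Where-Object { $_.IsInherited })
    $groupOk   = @($rules | Where-Object {
        $_.IdentityReference.Value -eq $Group -and $_.AccessControlType -eq 'Allow'
    })

    $findings = @()
    if ($acl.AreAccessRulesProtected) { $findings += 'inheritance blocked' }
    if ($inherited.Count -eq 0)       { $findings += 'no inherited entries' }
    if ($groupOk.Count -eq 0)         { $findings += "no allow entry for $Group" }
    if ($findings.Count -eq 0) { return }   # ACL matches the defaults: report nothing

    [pscustomobject]@{
        Path       = $Path
        Finding    = $findings -join '; '
        Owner      = $acl.Owner
        Principals = ($rules | ForEach-Object { $_.IdentityReference.Value } |
                      Sort-Object -Unique) -join ', '
    }
}

# Folders the auditing account cannot list are skipped silently by Get-ChildItem.
Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Get-AclDrift -Path $_.FullName -Group $ExpectedGroup } |
    Format-Table -AutoSize -Wrap
```

The Owner and Principals columns show whether a flagged file carries only the creating user and Administrator, which is the pattern described in the message above.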


