Bizzare security behaviour

I have a folder on our network fileserver that is exhibiting extremely bizzare behavior. Specifically, if I log on to a Windows NT 4.0 Workstation machine, when I try to open this folder from Windows Explorer I get "Access Denied". However, if I log on to a machine running Windows XP Professional, I can open the folder without difficulty. What the hell...?!

I thought the entire POINT of security permissions being on the server is that the SERVER decides whether you can or can't access stuff, not the client. Why would using a different client OS make the slightest bit of difference? I find this really quite frightening.

The fileserver is Windows 2000 Server. User accounts are Active Domain. My user account has the following permissions to the folder:

Traverse Folder / Execute File: No
List Folder / Read Data: Yes
Read Attributes Yes
Read Extended Attributes Yes
Create Files / Write Data Yes
Create Folders / Append Data Yes
Write Attributes Yes
Write Extended Attributes Yes
Delete Subfolders and Files No
Delete No
Read Permissions Yes
Change Permissions No
Take Ownership No

No other permissions are being inherited by this folder. No other security groups to which I belong are mentioned in the permissions.

I realise that this is a pretty bizzare combination of permissions. I have no idea why it's set that way. (We have an in-house application that automatically fiddles with file permissions. I believe in this case it has set them wrong - but the application authors won't believe me because "it works in XP". <sigh>)

Somebody suggested it might be something to do with the "Bypass traverse checking" - but this option is Enabled for the group Everyone on both test machines, and yet one gives me access and the other does not.

Any help here??
.

Relevant Pages

  • Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues
    ... In order for Alice to Take Ownership of Bob's private folder she would ... Owner and now Bob no longer has the ability to set permissions on it. ... And Windows does have a umask-like function. ... This article contains a set of attack scenarios to demonstrate security ...
    (Full-Disclosure)
  • Re: User rights problem (Least Privilege)
    ... After giving write permission to Users group on Windows folder the ... >> I am managing a small network with Windows 2003 as DC and XP as clients. ... > inexperienced or limited user should ever have write permissions. ... > limited accounts, you can fix it to allow limited users to access the ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Modify advanced permissions using wsh on W2K Server
    ... the checkbox that applies changes made to a folder to ... parameters it requires to accomplish your permissions changes. ... >> Two lines of your gifted experience with windows ... >> In the event you had not unchecked the daylight savings time box ...
    (microsoft.public.scripting.wsh)
  • Re: Password
    ... You don't assign passwords to files in Windows XP, ... In Windows Explorer, go to Tools, Folder Options, View and uncheck ... Here you can assign or deny permissions based on user name or user ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Need to override Windows user password to access files.. Help!
    ... you can set XP Home permissions in Safe Mode. ... Open Explorer, go to Tools and Folder Options, on the view tab, scroll to ... First, go to Windows Explorer, go to Tools, select Folder ...
    (microsoft.public.windowsxp.accessibility)