Announcement

Collapse
No announcement yet.

Domain Server Access Issue

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Domain Server Access Issue

    Hi,

    I am running a Windows 2003 domain at home and I am having an access issue, specifically the ability to rename files or do anything much else with them.

    I can't remember exactly what happened but the domain server collapsed (blue-screened) about 3 months ago and I rebuilt it very quickly migrating my client PC's across to the new domain and setting everything up much the same way as I did before. I was fortunate inasmuch as my data disks were not affected (I had tape backups anyway) so I rebuilt the server slightly better and migrated the data across to a RAID controller (both source and data were NTFS, I mention that because I think transfer of rights from old domain to new may be the issue). I have a share full of MP3's (all legal) and I try to organise these very logically and herein lies the problem.

    If I try to rename files I have put there since the new server was built I have no problem but if I try to rename files that existed before or are put there by another user I have problems and get the following error:

    "cannot rename xxxx.fil: access is denied"
    "Make sure that the disk is not full or write-protected and that the file is not currently in use"

    Now I have tried to reassign both share, security & ownership rights over the various folders and sub-folders etc. but I noticed that although the "Current owner of this item" (Properties  Security  Advanced  Owner) changes to the requested user or group (I have an MP3 Editing group set up and put my userid and my oldest daughters in it, the userid's do not have admin rights but didn't need them pre-server collapse) and the user/group appears in the dialog below whilst making the change when I revisit the dialog it is missing from the list.

    Broadly speaking I think this is some kind of carryover rights issue from the old domain but I am not sure so I am wondering what others think? If you think it is what I suspect than does anyone have any idea how I can correct it ... the only way I know how is to move the files to a FAT32 partition and back which I believe will strip away any existing permissions on them.

    Thanks in advance

    Kyu
    J C Rocks (An Aspiring Author's Journey)
    The Abyssal Void War: Stars, Hide Your Fires

  • #2
    Re: Domain Server Access Issue

    Security in NTFS is bassed on a SID and not on username.
    You reinstalled your server and domain, so new sid are created.
    You have to takle ownership (take ownership of all subfolders and objects) of all the files again, and reenforce your new security groups.
    [Powershell]
    Start-DayDream
    Set-Location Malibu Beach
    Get-Drink
    Lay-Back
    Start-Sleep
    ....
    Wake-Up!
    Resume-Service
    Write-Warning
    [/Powershell]

    BLOG: Therealshrimp.blogspot.com

    Comment


    • #3
      Re: Domain Server Access Issue

      Stupid question, but, when you re-assign ownership over the files/folders are you checking the box that says: Replace Owner On Subcontainers and Objects?

      AND

      Do you have users/groups listed with nothing but a bunch of characters or a "?".

      You're right - it sounds like there are permissions stuck to the files based on the old policies. Seems like you should be able to remove or reset them just by taking ownership and deleting the unknown users/groups then applying new, valid, groups to the folders and files.

      Comment


      • #4
        Re: Domain Server Access Issue

        The bunch of characters you see there is the sid of a security principal (group or user) in the old domain. Because it can not be resolved to CN it shows the SID.
        Indeed you need to check "replace Owner On Subcontainers and objects" to take ownership. To reassign your security principals you have to check "replace permissions..." on the permissions tab after you have replaced the owner.
        [Powershell]
        Start-DayDream
        Set-Location Malibu Beach
        Get-Drink
        Lay-Back
        Start-Sleep
        ....
        Wake-Up!
        Resume-Service
        Write-Warning
        [/Powershell]

        BLOG: Therealshrimp.blogspot.com

        Comment


        • #5
          Re: Domain Server Access Issue

          Hi Guys,

          Yes I understand about the SID's and old domain issues and no, it is not that and yes I checked the "replace owner on subcontainers and objects" ... it seems to me that in some way the old permissions don't *want* to be replaced.

          Maybe a bit more detail is in order here.

          1. The server for the original domain crashed ... IIRC this was because I added a RAID card (XFX REVO 64 ... a driverless RAID card which provides any OS with what appears to be a single fixed disc but in fact is hardware RAID). This made some of the partitions switch order and so the server crashed ... removing the card did not recover it.
          2. The server was rebuilt from scratch on a new 160GB drive with a 300GB secondary and a 640GB RAID.
          3. I copied the data from the 300GB drive to the RAID in order to gain the speed advantages since one of the things the server does was stream video to Pinnacle ShowCenter device attached to my TV (I realise this is not the regular use for a domain controller but I only have one server so needs must

          I configured the server as follows:

          Shares for user documents (the domain has 4 users not including admin), shares for general use including a TRANSIENT share (which everyone can read or write), an MP3 share (everyone read, admin and MP3 group edit), VIDEO share (everyone read, admin and VIDEO group edit) and so on.

          I gave full share, security & ownership to each share's relevant edit group removing old domain ID's where appropriate and reduced everyone else's rights appropriately.

          Um, not quite sure what you mean by reinforce my new security groups ... I've certainly done all the usual things I can think of like taking ownership.

          What's more I added my UserID to the admin group and that ALLOWS me to edit the relevant files.

          Thanks for the suggestions anyway

          Kyu
          J C Rocks (An Aspiring Author's Journey)
          The Abyssal Void War: Stars, Hide Your Fires

          Comment

          Working...
          X