Announcement

Collapse
No announcement yet.

Severe NTFS permission issue on Server 2012

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Severe NTFS permission issue on Server 2012

    Hey,

    Might this be a new feature of 2012 I'm not aware of?

    I'm having some very hard times simply editing text files on my server.
    If Notepad++ or whatever the editor is are not run as Administrator, I cant modify the files. But if they are then I cant use the Drag and Drop feature. This counts for ANY program out there Visual Studio, SQL Management, Notepad2 etc.

    After playing a little with the files permissions I discovered that if I give the local Users account permissions or the domain Authenticated Users - it's all good. But that's it. Domain Admins doesnt cut it, neither does Administrators or any other custom group. Moreover, if I give an individual user permissions on certain files, it's also all good.

    Has anyone came across this thing?

    Thanks!

  • #2
    Re: Severe NTFS permission issue on Server 2012

    This is due to UAC. Custom groups should work as long as they are not members of protected groups.
    http://technet.microsoft.com/en-us/m...minholder.aspx

    Here's a recent post dealing with this exact issue.
    http://forums.petri.com/showthread.p...617#post275617
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: Severe NTFS permission issue on Server 2012

      Originally posted by JeremyW View Post
      This is due to UAC. Custom groups should work as long as they are not members of protected groups.
      http://technet.microsoft.com/en-us/m...minholder.aspx

      Here's a recent post dealing with this exact issue.
      http://forums.petri.com/showthread.p...617#post275617
      EDITED:

      Can you explain why having given permissions only to Domain Admins did not work while as giving permission to a custom group did?
      Last edited by xcalibur; 6th August 2013, 20:03.

      Comment


      • #4
        Re: Severe NTFS permission issue on Server 2012

        Originally posted by xcalibur View Post
        Can you explain why having given permissions only to Domain Admins did not work while as giving permission to a custom group did?
        The Domain Admins group is a built-in group covered by UAC. The group membership token is only present in an elevated session.

        Comment


        • #5
          Re: Severe NTFS permission issue on Server 2012

          Originally posted by xcalibur View Post
          Can you explain why having given permissions only to Domain Admins did not work while as giving permission to a custom group did?
          In the post that I linked to I explained it and I also gave a link that goes into more detail:
          Originally posted by JeremyW View Post
          ...When you log on with an administrator account you are given two access tokens, the user token and the full administrator token. The user token is stripped of the admin SIDs and access. Here's a link for more info: http://windows.microsoft.com/en-us/w...ntrol-overview
          So the user token is used unless you explicitly "Run As Administrator" the application. This holds true for running Windows Explorer which is what is used to access the files and folders.
          Regards,
          Jeremy

          Network Consultant/Engineer
          Baltimore - Washington area and beyond
          www.gma-cpa.com

          Comment


          • #6
            Re: Severe NTFS permission issue on Server 2012

            So it is a new feature afterall.

            I just tried the same thing using a 2008 server and did not receive a prompt even though only domain admins was present. That did not work the same for 2012.

            Comment


            • #7
              Re: Severe NTFS permission issue on Server 2012

              I just briefly messed around with it too and I see that the behavior is different. Thanks for posting back!
              Regards,
              Jeremy

              Network Consultant/Engineer
              Baltimore - Washington area and beyond
              www.gma-cpa.com

              Comment

              Working...
              X