|
#1
01-05-2006, 05:08 AM
|
|||
|
|||
User lost from ACL
I am running WinXP Pro SP2 in a Win2k Server Active Directory domain. I
recently installed a certain new application. When I tried to open the app when logged on as a domain user it failed. I added the user to the NTFS Access Control List for the folder containing the program files and give the user Modify permission. The program starts fine with this condition set. When I logon with the user account the next day the program starts and performs normally. When I try to close the program I get errors and ultimately have to use Task Manager to close the application. When this occurs I find the user is no longer included in the NTFS ACL for the folder containing the program files. Why does the user disappear from the list of users given NTFS permissions? 
|
|
#2
01-05-2006, 05:09 AM
|
|||
|
|||
|
Re: User lost from ACL
Possibly you have Group Policy in the domain that is enforcing file
permissions on that folder or even it could be happening locally with a security template that is being applied at startup or by schedule. You can use the command rsop.msc in the run box to find out what Group Policy settings are being applied to that domain computer and user. If there is a group that has necessary access permissions to the folder you may want to add the user to the group as long as he does not end up with excessive permissions/powers on the computer or in the domain. --- Steve "crmurr" <crmurr@discussions.microsoft.com> wrote in message news  43E9488-29CC-4D02-A0D8-E4E83DC8BA48@microsoft.com...>I am running WinXP Pro SP2 in a Win2k Server Active Directory domain. I > recently installed a certain new application. When I tried to open the > app > when logged on as a domain user it failed. I added the user to the NTFS > Access Control List for the folder containing the program files and give > the > user Modify permission. The program starts fine with this condition set. > > When I logon with the user account the next day the program starts and > performs normally. When I try to close the program I get errors and > ultimately have to use Task Manager to close the application. > > When this occurs I find the user is no longer included in the NTFS ACL for > the folder containing the program files. > > Why does the user disappear from the list of users given NTFS permissions? >
|
|
#3
01-05-2006, 05:09 AM
|
|||
|
|||
|
Re: User lost from ACL
Steve, thank you for the guidance. I ran rsop.msc and found the Domain
Security Policy setting was forcing folders in c:\program files to be changed to the inheritable permissions of the parent folder. I had been trying to set the permissions on the folder c:\program files\<application> folder and the policy was apparently resetting the permissions. The only solution I have found is to give the user the permissions for the entire c:\program files folder. I wonder if this is a reasonable practice. "Steven L Umbach" wrote: > Possibly you have Group Policy in the domain that is enforcing file > permissions on that folder or even it could be happening locally with a > security template that is being applied at startup or by schedule. You can > use the command rsop.msc in the run box to find out what Group Policy > settings are being applied to that domain computer and user. If there is a > group that has necessary access permissions to the folder you may want to > add the user to the group as long as he does not end up with excessive > permissions/powers on the computer or in the domain. --- Steve > > > "crmurr" <crmurr@discussions.microsoft.com> wrote in message > news 43E9488-29CC-4D02-A0D8-E4E83DC8BA48@microsoft.com...> >I am running WinXP Pro SP2 in a Win2k Server Active Directory domain. I > > recently installed a certain new application. When I tried to open the > > app > > when logged on as a domain user it failed. I added the user to the NTFS > > Access Control List for the folder containing the program files and give > > the > > user Modify permission. The program starts fine with this condition set. > > > > When I logon with the user account the next day the program starts and > > performs normally. When I try to close the program I get errors and > > ultimately have to use Task Manager to close the application. > > > > When this occurs I find the user is no longer included in the NTFS ACL for > > the folder containing the program files. > > > > Why does the user disappear from the list of users given NTFS permissions? > > > > >
|
|
#4
01-05-2006, 05:39 AM
|
|||
|
|||
|
Re: User lost from ACL
You could either talk to the powers that be and remove the domain computer
from the influence of the Group Policy that is enforcing the permissions, modify the permissions at the Group Policy level, or do what you are doing. The user right now probably has excessive permissions to the program files folder which is the least desirable option unless this particular user can be trusted to not alter the contents of the program files folder. --- Steve "crmurr" <crmurr@discussions.microsoft.com> wrote in message news:37FE6606-DE8A-403F-B208-DEAFC6A4F2DD@microsoft.com... > Steve, thank you for the guidance. I ran rsop.msc and found the Domain > Security Policy setting was forcing folders in c:\program files to be > changed > to the inheritable permissions of the parent folder. > > I had been trying to set the permissions on the folder c:\program > files\<application> folder and the policy was apparently resetting the > permissions. > > The only solution I have found is to give the user the permissions for the > entire c:\program files folder. I wonder if this is a reasonable > practice. > > > "Steven L Umbach" wrote: > >> Possibly you have Group Policy in the domain that is enforcing file >> permissions on that folder or even it could be happening locally with a >> security template that is being applied at startup or by schedule. You >> can >> use the command rsop.msc in the run box to find out what Group Policy >> settings are being applied to that domain computer and user. If there is >> a >> group that has necessary access permissions to the folder you may want to >> add the user to the group as long as he does not end up with excessive >> permissions/powers on the computer or in the domain. --- Steve >> >> >> "crmurr" <crmurr@discussions.microsoft.com> wrote in message >> news 43E9488-29CC-4D02-A0D8-E4E83DC8BA48@microsoft.com...>> >I am running WinXP Pro SP2 in a Win2k Server Active Directory domain. I >> > recently installed a certain new application. When I tried to open the >> > app >> > when logged on as a domain user it failed. I added the user to the >> > NTFS >> > Access Control List for the folder containing the program files and >> > give >> > the >> > user Modify permission. The program starts fine with this condition >> > set. >> > >> > When I logon with the user account the next day the program starts and >> > performs normally. When I try to close the program I get errors and >> > ultimately have to use Task Manager to close the application. >> > >> > When this occurs I find the user is no longer included in the NTFS ACL >> > for >> > the folder containing the program files. >> > >> > Why does the user disappear from the list of users given NTFS >> > permissions? >> > >> >> >>
|
 |
| Thread Tools | Search this Thread |
| Display Modes | |
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Error: Server rejecting sender's e-mail address | Fred | Outlook Express | 19 | 01-05-2006 04:42 PM |
| Lost user accts. | stevev | Windows XP Security Admin | 2 | 01-05-2006 05:39 AM |
| Delay opening folders caused by dcom server process launcher service | None | Windows XP Help and Support | 5 | 01-05-2006 02:46 AM |
| Long delay before Drives & Files appear in My Computer & Address Bar | shizzlenizzlator@gmail.com | Windows XP Help and Support | 3 | 01-05-2006 02:44 AM |
| Windows error message | Glo | Windows XP Basics | 41 | 01-05-2006 02:04 AM |
Linear Mode
