Share via

Folders with explicit permissions having issue in Windows server 2016

Techshan 251 Reputation points
2021-04-06T20:58:39.51+00:00

Hi Team, We recently built a VM with Windows Server 2016. It contains D drive in which SQL folders under Program Files in the drive . We have provided Read only access to the following folders as per request D:\Program Files D:\SQLLog D:\TempDB D:\SQLDATA But the requester accesses the folders , the warning pops up for each folder as in the screen shot ![85011-no-access.jpg][1] When we checked the effective permissions for the particular user, the permissions are intact only as below ![85012-effectiveaccess.jpg][2] So asked the requester to recheck again but in vain. So removed the user and given permissions in advanced security tab-read, read and execute, list folders content only and all works fine Any inputs what is causing the issue? Also the effective access is changed after resetting the permissions in which Create files / write data & Create folders / append data are additionally found for the same user ((((Before resetting the permissions , these 2 Create entries are not found ) ![84988-effect2access.jpg][3] Any advice is greatly appreciated, Thanks, Regards, Swaminathan [1]: /api/attachments/85011-no-access.jpg?platform=QnA [2]: /api/attachments/85012-effectiveaccess.jpg?platform=QnA [3]: /api/attachments/84988-effect2access.jpg?platform=QnA

Windows for business | Windows Server | User experience | Other

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2021-04-07T03:03:11.623+00:00

    Hi,

    First of all , no matter how did you assign the permission to users , please confirm the 'apply to 'option was set to :this folder ,subfolders and files as following under advanced security tab :

    85057-4071.jpg

    If there are any possible that the permission was changed unexpected ,i would suggest you enable the audit policy for the files. For more details you can refer to the following link:
    https://techexpert.tips/windows/audit-deleted-files-on-windows/
    (In this link, the audit policy is for delete operation, you can change that to change permissions)

    After the audit policy was enabled , you can try to clear the permission and assign the read permission again , and audit who add the create permission
    This response contains a third-party link. We provide this link for easy reference. Microsoft cannot guarantee the validity of any information and content in this link.

    0 comments
  2. Techshan 251 Reputation points
    2021-04-07T07:35:48.913+00:00

    Hi,

    Thank you for the reply, we ensured the steps followed without any miss while applying the permissions

    We only reset the permissions as -read, read and execute, list folders content only, we are seeing this create entries .

    My question is while only read permissions assigned, instantly verifying the permissions,we see "create entries" also are shown as in the above screen shot.

    Nobody apart from us, provided or altered the access permissions, so that possibility can be ignored

    Thanks,
    Regards,
    Swaminathan

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.