Unable to make changes to some NTFS permissions in Azure Files

Matt Tisdel 0 Reputation points
2024-07-24T14:48:45.8533333+00:00

Another engineer set Azure Files up and I have never used it before that. There is no local server for caching. Win10 machines map shares in Azure Files. They log into a Domain Controller that is an Azure VM. It has the Azure Files share mapped. That is where we make changes to "NTFS" permissions. I have a set of folders that are not allowing me to make changes to the permissions. I am logged into the server as a Domain Admin. On a traditional Windows server I can take control of a folder and force ownership and permissions to it and the folders below it. If ACLs had been corrupted on a folder or files, then doing this will replace those ACLs and life is great. In this case there are folders that I cannot get into and can't even see the Security on. If I try to take ownership from the root folder, then I just get a refusal. "Failed to enumerate objects in the container. Access is denied."

How can I change the permissions on this folder?


2 answers

  1. Sedat SALMAN 13,985 Reputation points MVP
    2024-07-24T15:03:07.17+00:00

    First, use a tool like icacls or PowerShell's Get-Acl and Set-Acl cmdlets to view and manipulate NTFS permissions directly from the Domain Controller.

    If you detect a problem with ACL permissions, you can try resetting the NTFS permissions on the affected folders.

    icacls <folder_path> /reset /T

    Also, you can check the following:

    https://learn.microsoft.com/en-us/answers/questions/460738/share-and-ntfs-permission-best-practice-for-azure


  2. Nehruji R 8,146 Reputation points Microsoft Vendor
    2024-07-25T06:26:14.9466667+00:00

    Hello Matt Tisdel,

    Greetings! Welcome to Microsoft Q&A Platform.

    I understand that you’re facing issues in modifying NTFS permissions in Azure Files. Storage File Data SMB Share Contributor: Allows for read, write, and delete access on files and directories in Azure file shares.

    When NTFS permissions are updated or changed on an Azure File Share, it can take some time for the changes to propagate to all the file shares and clients that are connected to the share. This is because Azure File Shares use a distributed architecture, and changes to permissions need to be propagated across all the storage nodes that are hosting the share.

    Configure NTFS permissions over SMB

    Please refer to the suggestion mentioned in this Q&A thread.

    Azure Files supports the full set of NTFS basic and advanced permissions. You can view and configure NTFS permissions on directories and files in an Azure file share by mounting the share and then using Windows File Explorer or running the Windows icacls or Set-ACL command.

    Assign share-level permissions to an identity.

    Please make sure that you have assigned "Storage File Data SMB Share Elevated Contributor" role in order to be able to enable/change NTFS permissions for Azure File Share.

    Share-level permissions are the high-level gatekeeper that determines whether a user can access the share, whereas NTFS permissions act at a more granular level to determine what operations the user can do at the directory or file level. Therefore, the correct share-level permissions are required before you modify the NTFS permissions. Based on the type of AD that you are using, you can choose the right way to assign share-level permission to the user or user account or for all authenticated users. Share-level permission assignments are supported for groups and users that have been synced from the Active Directory (AD) to Azure Active Directory (Azure AD) using Azure AD Connect. Confirm that groups and users being assigned share-level permissions are not unsupported "cloud-only" groups.

    This article lists common problems related to Azure file share performance and provides potential causes and workarounds. To get the most value from this troubleshooting guide, we recommend first reading Understand Azure Files performance.

    Additional information:

    1. Use Azure Monitor: Use monitoring tools to analyze the performance and identify bottlenecks.
    2. You can also consider Azure File Sync in this scenario, which allows you to cache Azure Files on a local Windows Server. This can improve performance for certain operations, including NTFS permission changes.

    refer - https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-configure-permissions

    Hope this information helps! Please let us know if you have any further queries. I’m happy to assist you further.


    Please "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.

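Both answers suggest viewing the ACLs with Get-Acl or icacls before changing anything. The script below is an added example, not part of either answer: it walks the mounted share read-only and lists which folders refuse to return an ACL and which readable folders have inheritance disabled, so the affected subtree is known before a reset is attempted. The drive letter `Z:\`, the depth limit and the function name `Get-AclAuditRecord` are assumptions.

```powershell
# Added example: read-only ACL audit of a mounted Azure file share.
# Assumptions: the share is mapped as Z:\ and PowerShell 5.0+ is used (for -Depth).
param(
    [string]$Root     = 'Z:\',   # assumed drive letter of the mapped share
    [int]   $MaxDepth = 3        # folder levels below $Root to inspect
)

function Get-AclAuditRecord {
    param([Parameter(Mandatory)][string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
        [pscustomobject]@{
            Path               = $Path
            Status             = 'Readable'
            Owner              = $acl.Owner
            InheritanceBlocked = $acl.AreAccessRulesProtected
            ExplicitRules      = @($acl.Access | Where-Object { -not $_.IsInherited }).Count
        }
    }
    catch {
        # Record the failure instead of stopping, so every unreadable folder is listed.
        [pscustomobject]@{
            Path               = $Path
            Status             = $_.Exception.GetType().Name
            Owner              = $null
            InheritanceBlocked = $null
            ExplicitRules      = $null
        }
    }
}

# A folder that cannot be opened is still listed by its parent, so it reaches
# Get-AclAuditRecord even though its own children cannot be enumerated.
$dirs  = @(Get-Item -LiteralPath $Root)
$dirs += Get-ChildItem -LiteralPath $Root -Directory -Recurse -Depth $MaxDepth -ErrorAction SilentlyContinue

$report = $dirs | ForEach-Object { Get-AclAuditRecord -Path $_.FullName }

Write-Output 'Folders whose ACL could not be read:'
$report | Where-Object Status -ne 'Readable' | Format-Table Path, Status -AutoSize

Write-Output 'Readable folders with inheritance disabled:'
$report | Where-Object { $_.InheritanceBlocked } |
    Format-Table Path, Owner, ExplicitRules -AutoSize
```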
