question

AndreaVironda-1776 avatar image
0 Votes"
AndreaVironda-1776 asked GraceHE-MSFT answered

Problem with security permissions

Hi everyone!
i'm having a trouble with accessing some files. This morning i made a back-up from my company PC to an USB HDD. We use a workgroup and we access via users managed by a server.

This afternoon i tryed to access the files from my computer at home, and I noticed I was asked to acknwledge i'm an administrator simply to access the folder in my USB HDD.

Then i noticed strange security settings on certain files: 84224-screenshot-2021-04-03-185328.jpg

On other older files I don't have any trouble entering: 84245-screenshot-2021-04-03-185901.jpg

I can't understand this behavior. We changed our server last week and new files seems to be protected in some way.
Can you kindly help me?


windows-10-networkwindows-server-security
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MotoX80 avatar image
0 Votes"
MotoX80 answered

In the images that you posted, look at the difference in security permissions. MHTE53.indd only has one account that is allowed access. For AH30.indd in addition to your account and the unknown SID, you have what I would consider to be "normal" inherited permissions for SYSTEM and Administrators. Note the color of the check marks. A gray color is an inherited permissions. A black check is a ACL that is only on that file/folder.

The account that has access to MHTE53.indd either got deleted from the PC that you took the screen image on, or is another local account on anther PC. The crypto malware may have also altered NTFS permissions and removed the inherited permissions.

Permissions can easily be reset. Set the permissions that you want on the folder D:\MarketingVMS\Opuscoli\Teste. Save these commands below as a bat file, then open an admin command prompt and run the .bat file. You should then be able to access all files.


 set badfolder="D:\MarketingVMS\Opuscoli\Teste"
 takeown /d Y /a /r /f %badfolder%
 icacls %badfolder% /reset /t 
 icacls %badfolder% /verify /t


You should also check the permissions on the WS2019 server.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MotoX80 avatar image
0 Votes"
MotoX80 answered AndreaVironda-1776 commented

That's just the SID of a local user or group from the other PC. If it's not a well known SID or an Active Directory account then your PC does not know who it is.

https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/security-identifiers-in-windows

Open a command prompt and run "whoami /user".

 C:\Temp>whoami /user
    
 USER INFORMATION
 ----------------
    
 User Name      SID
 ============== =============================================
 slick\testuser S-1-5-21-3320722524-193523071-2819253668-1018

If I grant that account some permissions on a USB HDD and then plug that drive into another PC, even though that PC might also have an account named testuser, it won't know what account S-1-5-21-3320722524-193523071-2819253668-1018 is.

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

So that's not my problem's cause: new files i made after the server replacement are not accessible to an external PC. But old files yes.
The window appearing to me says something about read permissions. There are some sharing rules, but something among local users. When I exit the company, i shouldn't get any trouble.
What could i have done wrong?

0 Votes 0 ·
MotoX80 avatar image MotoX80 AndreaVironda-1776 ·

I'm sorry, I don't understand the question. You can use the effective access tab to analyze the permissions for a given user.

See the images in this thread.

https://docs.microsoft.com/en-us/answers/questions/333131/problem-sharing-a-folder.html

0 Votes 0 ·

simply i don't understand why i copied some files on a USB HDD amd then i wasn't able to open them in another PC. I didn't have the read permission. It never happened to me, despite the fact it was a simply copy-paste.
Singular was the fact this behavior happened for all the folders, but only for a few files, the one i created after reestablishing a WS 2019 last week after a crypto attack

0 Votes 0 ·
GraceHE-MSFT avatar image
0 Votes"
GraceHE-MSFT answered

Hi,
Thank you for posting your query. According to your description, here are some hints for you.

System.Security.Permissions Namespace
https://docs.microsoft.com/en-us/dotnet/api/system.security.permissions?view=net-5.0

Best Regards,
Grace

---If the suggestions above are helpful, please ACCEPT ANSWER. Really appreciate. This will also help others with similar issue to find this post quickly. ---

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.