File permissions issue - You need permission to perform this action

Stephen Powers 1 Reputation point
2021-06-30T09:32:31.553+00:00

This is a very strange issue related to a dfs replicated folder.

The share in question is shared with "Everyone" with full access and permissions are applied to sub-folders using ACLs. Three groups are applied to each folder (Full access to a file administrators group, Read and execute access to a Read only group and Modify access to a Read/Write group).

All is fine in terms of creating/modifying files for the staff that have Read/Write. The issue occurs when staff that have Read/Write access try to delete a file which shows the dreaded "You need permission to perform this action". This occurs even if the file was created by the user in question. Looking at effective permissions shows the correct level of access for the user in question.

What is even more strange is that usually, staff will access these shares using an RDP session which is where the issue occurs. However, if the share is accessed directly under the same user, the file can be deleted.

My first thought was a permission issue but I'm not convinced of that now as files are able to be deleted under certain circumstances i.e. directly through the UNC path.

Any thoughts would be most welcome.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,287 questions
{count} votes

5 answers

Sort by: Most helpful
  1. Fan Fan 15,306 Reputation points Microsoft Vendor
    2021-07-01T02:15:43.397+00:00

    Hi,

    Based on my understanding, the issue only happens when you use the RDP to access the files, right?
    If possible, would you please share a screenshot of the ACLs for the Read/Write group on the shared folder?
    If you give the Modify access to a Read/Write group only on the sub-folder, the user doesn't have permission to delete files created by other users.
    110680-715.jpg

    It is suggested to give the group delete subfolders and files permission and test the result again.

    If still fails, you may consider disable the UAC temporarily.
    If there are any progress, welcome to let us know.

    Best Regards.

    0 comments No comments

  2. Stephen Powers 1 Reputation point
    2021-07-01T07:16:27.897+00:00

    Thank you for you answer, it is most appreciated.

    Yes, you are correct in your understanding that the deletion of files is not possible when on the RDP session, connections direct to the file share allow deletions.

    Adding Delete subfolders and files made no difference and still presents the same error upon deletion.

    UAC is turned off on the orginating file server.

    I have attached below screen shots of the file permissions on the directory and an analysis of the effective permissions for an affected user on the problematic folder.

    110813-screenshot-2021-07-01-080245.jpg

    110872-screenshot-2021-07-01-080234.jpg

    110865-screenshot-2021-07-01-080701.jpg

    0 comments No comments

  3. Stephen Powers 1 Reputation point
    2021-07-01T07:50:57.64+00:00

    Also, just for clarity's sake, I thought I would post screens of the permissions from the perspective of the RDP server. Also shown is the message shown with what a test user sees trying to delete a folder/file of their own making.

    Thanks

    110816-screenshot-2021-07-01-083522.jpg

    110846-screenshot-2021-07-01-083529.jpg

    110873-screenshot-2021-07-01-083534.jpg

    110817-screenshot-2021-07-01-083706.jpg


  4. Stephen Powers 1 Reputation point
    2021-07-12T13:56:01.283+00:00

    Sorry for the late reply,

    I have narrowed this down to an issue with the friendly DNS cname alias for this server.

    Accessing this file share through the \server-name\share and \server-ip\share works fine and allows files to be deleted.

    Creating a new dns cname alias for the server also allows deletion.

    I play to delete the cname alias that has been in use and recreate it later on today.

    Strangely, there are 3 DNS cname aliases for this file server which are all working, except the one that's in use....


  5. Luis Armando González López 0 Reputation points
    2023-08-24T15:43:32.3333333+00:00

    When I got this error message I asked to my supervisor, he told me that the company just established new policies. So, they set my laptop as a exception for this new policie, after that I could get permissions to copy and create new folder and files in my external ssd(my case).

    0 comments No comments