RE: [ActiveDir] Permissions vanishing

2006-01-31 Thread Bahta, Nathaniel V Contractor NASIC/SCNA



Hey Joe,

That script, when run, only can return a subdirectory. I tried using the
flag false for the subdirectory not being monitored, but I can't get it to
work. I tried true, false, 0, 1, and 2. I can't get it to monitor a folder
like M:\Data. It will monitor everything from data, through its
subdirectories. Do you know how the flag is supposed to be run? I am using
perl version 5.8.7.

Thanks,
Nate



RE: [ActiveDir] Permissions vanishing

2006-01-31 Thread joe



I do not know, it has been quite a while since I used it. I 
would recommend peeking at the help and you should find an email address of the 
author of the module who may be willing to answer a question on 
it.


--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm





RE: [ActiveDir] Permissions vanishing

2006-01-23 Thread joe



Sorry for the delay, just catching back up. Had to step out 
and review some chapters of the 2E version of the AD Cookbook. 


The code is really basic, it simply sleeps until something 
breaks or the security is changed. You can get help on the changenotify module 
in the basic ActiveState Perl help as it is right in the Win32:: stuff. Just 
scroll to the bottom of the TOC on the left of the User Guide and then under 
Win32 look for ChangeNotify. Just slap that on a path and then if the security 
changes on anything under that path it should fire. It won't tell you what 
changed, just that there was a change. 




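#===
use Win32;
use Win32::ChangeNotify;

# Directory to watch, taken from the command line
$path = shift;

# Second argument 1 = also watch subdirectories; fire only on security changes
$WatchDir = new Win32::ChangeNotify($path, 1, FILE_NOTIFY_CHANGE_SECURITY);
if (!$WatchDir) {
    print "Failed to monitor watch directory $path\n";
    print "Error: " . Win32::FormatMessage(Win32::GetLastError()) . "\n";
    exit();
}
$WatchDir->reset();

# Block until a change is signalled
$WatchDir->wait or warn "Something failed: $!\n";

print "There has been a change to the security.\n";
#===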



Glad you like oldcmp!

 joe
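
One way to extend the watcher above so it records when the permissions changed and which entries changed, as an added example that is not joe's script or part of the original thread. It assumes the Win32::FileSecurity module from the same Win32 set, passes 0 as the documented subtree flag, and uses a hypothetical one-minute re-check; the helper names snapshot and diff_snapshots are made up for this sketch.

```perl
#!/usr/bin/perl
# Added example (not from the thread): log the time and content of ACL changes.
use strict;
use warnings;
use Win32::ChangeNotify;
use Win32::FileSecurity qw(Get EnumerateRights);

my $path    = shift or die "usage: $0 <folder>\n";
my $poll_ms = 60_000;    # assumption: also re-check the ACL once a minute

# Return { trustee => "RIGHT,RIGHT,..." } for the folder's current permissions.
sub snapshot {
    my ($dir) = @_;
    my %acl;
    Get($dir, \%acl) or die "Cannot read permissions on $dir: $!\n";
    my %snap;
    while (my ($trustee, $mask) = each %acl) {
        my @rights;
        EnumerateRights($mask, \@rights);    # mask -> list of right names
        $snap{$trustee} = join ',', sort @rights;
    }
    return \%snap;
}

# Compare two snapshots and return readable lines describing the differences.
sub diff_snapshots {
    my ($old, $new) = @_;
    my @changes;
    for my $t (sort keys %$old) {
        if (!exists $new->{$t}) {
            push @changes, "REMOVED $t ($old->{$t})";
        }
        elsif ($new->{$t} ne $old->{$t}) {
            push @changes, "CHANGED $t: $old->{$t} -> $new->{$t}";
        }
    }
    for my $t (sort keys %$new) {
        push @changes, "ADDED $t ($new->{$t})" unless exists $old->{$t};
    }
    return @changes;
}

# 0 = do not watch the subtree (per the module's documentation)
my $watch = Win32::ChangeNotify->new($path, 0, FILE_NOTIFY_CHANGE_SECURITY)
    or die "Failed to monitor $path: $^E\n";

my $baseline = snapshot($path);
print scalar(localtime), " watching $path\n";

while (1) {
    # wait returns 1 when signalled, 0 on timeout, undef on error
    my $rc = $watch->wait($poll_ms);
    defined $rc or die "wait failed: $^E\n";
    $watch->reset if $rc;    # re-arm the notification before waiting again

    # Re-read the folder's own permissions on every wake-up and compare
    my $current = snapshot($path);
    my @changes = diff_snapshots($baseline, $current);
    next unless @changes;

    print scalar(localtime), " permissions changed on $path\n";
    print "  $_\n" for @changes;
    $baseline = $current;
}
```

Redirect the output to a file on a different volume so the log survives if the watched share goes offline during a cluster failover.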







RE: [ActiveDir] Permissions vanishing

2006-01-20 Thread Bahta, Nathaniel V Contractor NASIC/SCNA



Gil,
That is a good avenue of approach, although I do not recall
any GPO's that modify folder permissions, it is something I have not checked
nevertheless. I will give that a look.

Joe,
That would be great if you had the perl code for file
change/modification notification. I would greatly appreciate that. I
am using your oldcmp.exe right now and putting together some perl code that
parses through it to pull out host names and user names and then emails a
monthly list that can be used to clean them up in AD with a cron job consisting
of perl code based upon the Active Directory Cookbook's jobs. Your
utility is very useful. Thanks again.

Nate Bahta







RE: [ActiveDir] Permissions vanishing

2006-01-19 Thread Gil Kirkpatrick



The fact that nothing showed up in the audit log is 
disturbing. Can you modify the ACL manually and see the audit entries that 
appear?

Is there possibly a group policy that is changing the 
ACLs?

-gil


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bahta, Nathaniel V Contractor NASIC/SCNA
Sent: Thursday, January 19, 2006 11:34 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Permissions vanishing


Hey everyone,

I am having an issue with a cluster server that shares our
common access data drive. Every other day, the NTFS permissions on the
shared clustered drive will revert to only Administrators and System having
privileges. I have it set up as follows:

X:\SharedData - Share permissions
    Authenticated Users    RWX

X:\SharedData - Inherited NTFS permissions
    Authenticated Users    RX, LIST FOLDER CONTENTS
    Administrators         F
    System                 F

Every other day or so the Authenticated users
vanish from the NTFS permissions.

I enabled auditing on the folder for permission change, but nothing came up in the
security log that stated that the permissions had changed.

Any ideas?

I would appreciate anything anyone had to suggest.


Thanks,
Nate



RE: [ActiveDir] Permissions vanishing

2006-01-19 Thread joe



I concur with Gil, either something really bad is happening
or the auditing isn't tight (i.e. some account doing the work is outside of the
audit policy, like say you configured watch for domain users making changes and
it isn't catching the secprin doing it). Verify the SACL on the folder
(btw is that getting changed too?), make sure SharedData isn't a junction and
taking its perms from somewhere else, set up a script to do event notification
on the folder that will detect a DACL change and tell you exactly when it is
occurring.

On the last, if you need it, I think I have some old old
old old perl code I wrote back in the 90's to do file change notification I
could try and find. A friend of mine had a project where he had to set up an
auto FTP feed that had to be fired when certain file types hit the folder
so I whipped up a quick perl script to handle it.


