RE: [ActiveDir] Permissions vanishing
Title: RE: [ActiveDir] Token Bloat Hey Joe, That script, when run, only can return a subdirectory. I tried using the flag false for the subdirectory not being monitored, but I cant get it to work. I tried, true, false, 0, 1, and 2. I cant get it to monitor a folder like M:\Data. It will monitor everything from data, through its subdirectories. Do you know how the flag is supposed to be run? I am using perl version 5.8.7. Thanks, Nate From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, January 23, 2006 10:20 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Permissions vanishing Sorry for the delay, just catching back up. Had to step out and review some chapters of the 2E version of the AD Cookbook. The code is really basic, it simply sleeps until something breaks or the security is changed. You can get help on the changenotify module in the basic ActiveState Perl help as it is right in the Win32:: stuff. Just scroll to the bottom of the TOC on the left of the User Guide and then under Win32 look for ChangeNotify. Just slap that on a path and then if the security changes on anything under that path it should fire. It won't tell you what changed, just that there was a change. #=== use Win32;use Win32::ChangeNotify; $path=shift; $WatchDir = new Win32::ChangeNotify($path, 1, FILE_NOTIFY_CHANGE_SECURITY);if(!$WatchDir){ print "Failed to monitor watch directory $path\n"; print "Error: " . GetError() . "\n"; exit();}$WatchDir-reset(); $WatchDir-wait or warn "Something failed: $!\n"; print "There has been a change to the security.\n"; #=== Glad you like oldcmp! joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V Contractor NASIC/SCNASent: Friday, January 20, 2006 5:01 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Permissions vanishing Gil, That is a good avenue of approach, although I do not recall any GPO's that modify folder permissions, it is something I have not checked nevertheless.I will give that a look. Joe, That would be great if you had the perl code for file change/modification notification. I would greatly appreciate that. I am using your oldcmp.exe right now and putting together some perl code that parses through it to pull out host names and user names and then emails a monthly list that can be used to clean them up in AD with a cron job consisting of perl code based upon the Active Directory Cookbook's jobs.Your utilityis very useful. Thanks again. Nate Bahta From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Friday, January 20, 2006 1:13 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Permissions vanishing I concur with Gil, either something really bad is happening or the auditing isn't tight (i.e. some account doing the work is outside of the audit policy, like say you configured watch for domain users making changes and it isn't catching the secprin doing it).Verify theSACL on the folder (btw is that getting changed too?), make sure SharedData isn't a junction and taking its perms from somewhere else, set up a script to do event notification on the folder that will detect a DACL change and tell you exactly when it is occurring. On the last, if you need it, I think I have some old old old old perl code I wrote back in the 90's to dofile change notification I could try and find. A friend of mine had a project where he had to set up an auto FTP feedthat had to be fired when certain file types hit the folder so Iwhipped up aquick perl script to handle it. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil KirkpatrickSent: Thursday, January 19, 2006 2:19 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Permissions vanishing The fact that nothing showed up in the audit log is disturbing. Can you modify the ACL manually and see the audit entries that appear? Is there possibly a group policy that is changing the ACLs? -gil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V Contractor NASIC/SCNASent: Thursday, January 19, 2006 11:34 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Permissions vanishing Hey everyone, I am having a issue with a cluster server that shares our our common access data drive. Every other day, the NTFS permissions on the shared clustered drive will revert to only Administrators and System having privleges. I have it set up as follows: X:\SharedData - Share permissions Authenticated Users RWX X:\SharedData - Inherited NTFS permissions Authenticated Users RX,LIST FOLDER CONTENTS Administrators F System F Every other day or so the Authenticated users vanish from the NTFS permissions. I enabled auditing on the folder for permission change, but nothing came up in the security log that stated that th
RE: [ActiveDir] Permissions vanishing
Title: RE: [ActiveDir] Token Bloat I do not know, it has been quite a while since I used it. I would recommend peeking at the help and you should find an email address of the author of the module who may be willing to answer a question on it. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V Contractor NASIC/SCNASent: Tuesday, January 31, 2006 8:34 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Permissions vanishing Hey Joe, That script, when run, only can return a subdirectory. I tried using the flag false for the subdirectory not being monitored, but I cant get it to work. I tried, true, false, 0, 1, and 2. I cant get it to monitor a folder like M:\Data. It will monitor everything from data, through its subdirectories. Do you know how the flag is supposed to be run? I am using perl version 5.8.7. Thanks, Nate From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, January 23, 2006 10:20 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Permissions vanishing Sorry for the delay, just catching back up. Had to step out and review some chapters of the 2E version of the AD Cookbook. The code is really basic, it simply sleeps until something breaks or the security is changed. You can get help on the changenotify module in the basic ActiveState Perl help as it is right in the Win32:: stuff. Just scroll to the bottom of the TOC on the left of the User Guide and then under Win32 look for ChangeNotify. Just slap that on a path and then if the security changes on anything under that path it should fire. It won't tell you what changed, just that there was a change. #=== use Win32;use Win32::ChangeNotify; $path=shift; $WatchDir = new Win32::ChangeNotify($path, 1, FILE_NOTIFY_CHANGE_SECURITY);if(!$WatchDir){ print "Failed to monitor watch directory $path\n"; print "Error: " . GetError() . "\n"; exit();}$WatchDir-reset(); $WatchDir-wait or warn "Something failed: $!\n"; print "There has been a change to the security.\n"; #=== Glad you like oldcmp! joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V Contractor NASIC/SCNASent: Friday, January 20, 2006 5:01 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Permissions vanishing Gil, That is a good avenue of approach, although I do not recall any GPO's that modify folder permissions, it is something I have not checked nevertheless.I will give that a look. Joe, That would be great if you had the perl code for file change/modification notification. I would greatly appreciate that. I am using your oldcmp.exe right now and putting together some perl code that parses through it to pull out host names and user names and then emails a monthly list that can be used to clean them up in AD with a cron job consisting of perl code based upon the Active Directory Cookbook's jobs.Your utilityis very useful. Thanks again. Nate Bahta From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Friday, January 20, 2006 1:13 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Permissions vanishing I concur with Gil, either something really bad is happening or the auditing isn't tight (i.e. some account doing the work is outside of the audit policy, like say you configured watch for domain users making changes and it isn't catching the secprin doing it).Verify theSACL on the folder (btw is that getting changed too?), make sure SharedData isn't a junction and taking its perms from somewhere else, set up a script to do event notification on the folder that will detect a DACL change and tell you exactly when it is occurring. On the last, if you need it, I think I have some old old old old perl code I wrote back in the 90's to dofile change notification I could try and find. A friend of mine had a project where he had to set up an auto FTP feedthat had to be fired when certain file types hit the folder so Iwhipped up aquick perl script to handle it. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil KirkpatrickSent: Thursday, January 19, 2006 2:19 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Permissions vanishing The fact that nothing showed up in the audit log is disturbing. Can you modify the ACL manually and see the audit entries that appear? Is there possibly a group policy that is changing the ACLs? -gil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V Contractor NASIC/SCNASent: Thursday, January 19, 2006 11:34 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Permissions vanishing Hey everyone, I am having a issue with a cluster server that shares our our common access data drive. Every other day, t
RE: [ActiveDir] Permissions vanishing
Title: RE: [ActiveDir] Token Bloat Sorry for the delay, just catching back up. Had to step out and review some chapters of the 2E version of the AD Cookbook. The code is really basic, it simply sleeps until something breaks or the security is changed. You can get help on the changenotify module in the basic ActiveState Perl help as it is right in the Win32:: stuff. Just scroll to the bottom of the TOC on the left of the User Guide and then under Win32 look for ChangeNotify. Just slap that on a path and then if the security changes on anything under that path it should fire. It won't tell you what changed, just that there was a change. #=== use Win32;use Win32::ChangeNotify; $path=shift; $WatchDir = new Win32::ChangeNotify($path, 1, FILE_NOTIFY_CHANGE_SECURITY);if(!$WatchDir){ print "Failed to monitor watch directory $path\n"; print "Error: " . GetError() . "\n"; exit();}$WatchDir-reset(); $WatchDir-wait or warn "Something failed: $!\n"; print "There has been a change to the security.\n"; #=== Glad you like oldcmp! joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V Contractor NASIC/SCNASent: Friday, January 20, 2006 5:01 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Permissions vanishing Gil, That is a good avenue of approach, although I do not recall any GPO's that modify folder permissions, it is something I have not checked nevertheless.I will give that a look. Joe, That would be great if you had the perl code for file change/modification notification. I would greatly appreciate that. I am using your oldcmp.exe right now and putting together some perl code that parses through it to pull out host names and user names and then emails a monthly list that can be used to clean them up in AD with a cron job consisting of perl code based upon the Active Directory Cookbook's jobs.Your utilityis very useful. Thanks again. Nate Bahta From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Friday, January 20, 2006 1:13 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Permissions vanishing I concur with Gil, either something really bad is happening or the auditing isn't tight (i.e. some account doing the work is outside of the audit policy, like say you configured watch for domain users making changes and it isn't catching the secprin doing it).Verify theSACL on the folder (btw is that getting changed too?), make sure SharedData isn't a junction and taking its perms from somewhere else, set up a script to do event notification on the folder that will detect a DACL change and tell you exactly when it is occurring. On the last, if you need it, I think I have some old old old old perl code I wrote back in the 90's to dofile change notification I could try and find. A friend of mine had a project where he had to set up an auto FTP feedthat had to be fired when certain file types hit the folder so Iwhipped up aquick perl script to handle it. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil KirkpatrickSent: Thursday, January 19, 2006 2:19 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Permissions vanishing The fact that nothing showed up in the audit log is disturbing. Can you modify the ACL manually and see the audit entries that appear? Is there possibly a group policy that is changing the ACLs? -gil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V Contractor NASIC/SCNASent: Thursday, January 19, 2006 11:34 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Permissions vanishing Hey everyone, I am having a issue with a cluster server that shares our our common access data drive. Every other day, the NTFS permissions on the shared clustered drive will revert to only Administrators and System having privleges. I have it set up as follows: X:\SharedData - Share permissions Authenticated Users RWX X:\SharedData - Inherited NTFS permissions Authenticated Users RX,LIST FOLDER CONTENTS Administrators F System F Every other day or so the Authenticated users vanish from the NTFS permissions. I enabled auditing on the folder for permission change, but nothing came up in the security log that stated that the permissions had changed. Any ideas? I would appreciate anything anyone had to suggest. Thanks, Nate
RE: [ActiveDir] Permissions vanishing
Title: RE: [ActiveDir] Token Bloat Gil, That is a good avenue of approach, although I do not recall any GPO's that modify folder permissions, it is something I have not checked nevertheless.I will give that a look. Joe, That would be great if you had the perl code for file change/modification notification. I would greatly appreciate that. I am using your oldcmp.exe right now and putting together some perl code that parses through it to pull out host names and user names and then emails a monthly list that can be used to clean them up in AD with a cron job consisting of perl code based upon the Active Directory Cookbook's jobs.Your utilityis very useful. Thanks again. Nate Bahta From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Friday, January 20, 2006 1:13 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Permissions vanishing I concur with Gil, either something really bad is happening or the auditing isn't tight (i.e. some account doing the work is outside of the audit policy, like say you configured watch for domain users making changes and it isn't catching the secprin doing it).Verify theSACL on the folder (btw is that getting changed too?), make sure SharedData isn't a junction and taking its perms from somewhere else, set up a script to do event notification on the folder that will detect a DACL change and tell you exactly when it is occurring. On the last, if you need it, I think I have some old old old old perl code I wrote back in the 90's to dofile change notification I could try and find. A friend of mine had a project where he had to set up an auto FTP feedthat had to be fired when certain file types hit the folder so Iwhipped up aquick perl script to handle it. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil KirkpatrickSent: Thursday, January 19, 2006 2:19 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Permissions vanishing The fact that nothing showed up in the audit log is disturbing. Can you modify the ACL manually and see the audit entries that appear? Is there possibly a group policy that is changing the ACLs? -gil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V Contractor NASIC/SCNASent: Thursday, January 19, 2006 11:34 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Permissions vanishing Hey everyone, I am having a issue with a cluster server that shares our our common access data drive. Every other day, the NTFS permissions on the shared clustered drive will revert to only Administrators and System having privleges. I have it set up as follows: X:\SharedData - Share permissions Authenticated Users RWX X:\SharedData - Inherited NTFS permissions Authenticated Users RX,LIST FOLDER CONTENTS Administrators F System F Every other day or so the Authenticated users vanish from the NTFS permissions. I enabled auditing on the folder for permission change, but nothing came up in the security log that stated that the permissions had changed. Any ideas? I would appreciate anything anyone had to suggest. Thanks, Nate
RE: [ActiveDir] Permissions vanishing
Title: RE: [ActiveDir] Token Bloat The fact that nothing showed up in the audit log is disturbing. Can you modify the ACL manually and see the audit entries that appear? Is there possibly a group policy that is changing the ACLs? -gil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V Contractor NASIC/SCNASent: Thursday, January 19, 2006 11:34 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Permissions vanishing Hey everyone, I am having a issue with a cluster server that shares our our common access data drive. Every other day, the NTFS permissions on the shared clustered drive will revert to only Administrators and System having privleges. I have it set up as follows: X:\SharedData - Share permissions Authenticated Users RWX X:\SharedData - Inherited NTFS permissions Authenticated Users RX,LIST FOLDER CONTENTS Administrators F System F Every other day or so the Authenticated users vanish from the NTFS permissions. I enabled auditing on the folder for permission change, but nothing came up in the security log that stated that the permissions had changed. Any ideas? I would appreciate anything anyone had to suggest. Thanks, Nate
RE: [ActiveDir] Permissions vanishing
Title: RE: [ActiveDir] Token Bloat I concur with Gil, either something really bad is happening or the auditing isn't tight (i.e. some account doing the work is outside of the audit policy, like say you configured watch for domain users making changes and it isn't catching the secprin doing it).Verify theSACL on the folder (btw is that getting changed too?), make sure SharedData isn't a junction and taking its perms from somewhere else, set up a script to do event notification on the folder that will detect a DACL change and tell you exactly when it is occurring. On the last, if you need it, I think I have some old old old old perl code I wrote back in the 90's to dofile change notification I could try and find. A friend of mine had a project where he had to set up an auto FTP feedthat had to be fired when certain file types hit the folder so Iwhipped up aquick perl script to handle it. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil KirkpatrickSent: Thursday, January 19, 2006 2:19 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Permissions vanishing The fact that nothing showed up in the audit log is disturbing. Can you modify the ACL manually and see the audit entries that appear? Is there possibly a group policy that is changing the ACLs? -gil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V Contractor NASIC/SCNASent: Thursday, January 19, 2006 11:34 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Permissions vanishing Hey everyone, I am having a issue with a cluster server that shares our our common access data drive. Every other day, the NTFS permissions on the shared clustered drive will revert to only Administrators and System having privleges. I have it set up as follows: X:\SharedData - Share permissions Authenticated Users RWX X:\SharedData - Inherited NTFS permissions Authenticated Users RX,LIST FOLDER CONTENTS Administrators F System F Every other day or so the Authenticated users vanish from the NTFS permissions. I enabled auditing on the folder for permission change, but nothing came up in the security log that stated that the permissions had changed. Any ideas? I would appreciate anything anyone had to suggest. Thanks, Nate