RE: [ActiveDir] Permissions vanishing

Thu, 19 Jan 2006 22:12:42 -0800

Title: RE: [ActiveDir] Token Bloat
I concur with Gil, either something really bad is happening or the auditing isn't tight (i.e. some account doing the work is outside of the audit policy, like say you configured watch for domain users making changes and it isn't catching the secprin doing it). Verify the SACL on the folder (btw is that getting changed too?), make sure SharedData isn't a junction and taking its perms from somewhere else, set up a script to do event notification on the folder that will detect a DACL change and tell you exactly when it is occurring. 
 
On the last, if you need it, I think I have some old old old old perl code I wrote back in the 90's to do file change notification I could try and find. A friend of mine had a project where he had to set up an auto FTP feed that had to be fired when certain file types hit the folder so I whipped up a quick perl script to handle it.  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Thursday, January 19, 2006 2:19 PM
To: [email protected]
Subject: RE: [ActiveDir] Permissions vanishing

The fact that nothing showed up in the audit log is disturbing. Can you modify the ACL manually and see the audit entries that appear?
 
Is there possibly a group policy that is changing the ACLs?
 
-gil

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V Contractor NASIC/SCNA
Sent: Thursday, January 19, 2006 11:34 AM
To: [email protected]
Subject: [ActiveDir] Permissions vanishing

Hey everyone,
 
I am having a issue with a cluster server that shares our our common access data drive.  Every other day, the NTFS permissions on the shared clustered drive will revert to only Administrators and System having privleges.  I have it set up as follows:
 
X:\SharedData - Share permissions Authenticated Users RWX
 
X:\SharedData - Inherited NTFS permissions Authenticated Users RX,LIST FOLDER CONTENTS
                                                       Administrators F
                                                       System F
 
Every other day or so the Authenticated users vanish from the NTFS permissions.
 
I enabled auditing on the folder for permission change, but nothing came up in the security log that stated that the permissions had changed.
 
 
Any ideas?
 
I would appreciate anything anyone had to suggest.
 
 
Thanks,
Nate

 

Reply via email to