nikitaGradov
New member
Hello,
let me try to describe the problem (this is my first question on this forum).
Operating system is Windows Server 2008.
There is a folder on the domain controller's drive, named FOLDER_1, and a file in this folder, named FILE_1.
There is also an OU, named OU_1.
Members of this OU should have been granted access to the folder FOLDER_1 and the file FILE_1, as follows:
- OU_1 should be granted permissions on FOLDER_1: 'MODIFY'.
- One member of OU_1, named MEMBER_1 (MEMBER_1 has not been granted membership of any Admin group), should be granted 'Modify' permissions on the file FILE_1.
- All other members of OU_1 should be granted only 'Read' and 'Read & Execute' permissions on the file FILE_1.
I have set the permissions as mentioned above (I'd like to point out that the checkbox 'Include inheritable permissions from this object's parent' is NOT checked, neither for MEMBER_1 nor for OU_1).
All assigned permissions were verified in 'Effective Permissions' for FILE_1, and the result was:
- OU_1 has been granted permissions 'Read' and 'Read & Execute' on FILE_1,
- MEMBER_1 has been granted permissions 'Modify' on FILE_1.
Also, 'Owner' for FILE_1 is set to 'Administrator'.
Furthermore, I set 'audit' on the file FILE_1: for group 'Everyone', event: 'Change permission' (Event ID = 4670).
What happens: when users start working, after the first access to FILE_1 (it's an .XLS file), an uncontrolled change of the assigned permissions for FILE_1 happens, WITHOUT any record in the security log!?
New permissions (in ACL for FILE_1) are:
- OU_1 gets permission 'Modify' on FILE_1 (the checkbox 'Include inheritable permissions from this object's parent' is now checked),
- MEMBER_1 is no longer present in the ACL.
Epilogue: all members of OU_1 have been granted Modify permissions on FILE_1.
Once again: there are no log entries for the event with EventID = 4670 (which is 'permission changed').
I'd like to point out that I:
- have checked 'Effective permissions' - given permissions are correct (for ALL members from OU_1, including MEMBER_1),
- There is an (uncontrolled) change of the FILE_1 ACL without any record in the security log.
I have no idea what is causing such behaviour. Have I done something wrong?
I appreciate any help ...
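One way to catch the change described above without relying on event 4670 is to save a baseline of the file's ACL and compare it later. This is an added example, not part of the original post; the scratch file name, the baseline file and the two function names are constructed, and it assumes PowerShell 2.0 or later.

```powershell
# Added example. The scratch file stands in for FILE_1; all names are constructed.

function Get-AclSnapshot {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    # One sortable string per ACE: who, what, allow/deny, inherited or explicit.
    $rules = $acl.Access | ForEach-Object {
        '{0}|{1}|{2}|inherited={3}' -f $_.IdentityReference, $_.FileSystemRights,
            $_.AccessControlType, $_.IsInherited
    }
    New-Object PSObject -Property @{
        Owner     = $acl.Owner
        # True means "Include inheritable permissions from this object's parent" is unchecked.
        Protected = $acl.AreAccessRulesProtected
        Rules     = @($rules | Sort-Object)
    }
}

function Compare-AclSnapshot {
    param($Baseline, $Current)
    if ($Baseline.Protected -and -not $Current.Protected) {
        'Inheritance from the parent folder was re-enabled'
    }
    if ($Baseline.Owner -ne $Current.Owner) {
        "Owner changed: $($Baseline.Owner) -> $($Current.Owner)"
    }
    $Baseline.Rules | Where-Object { $Current.Rules -notcontains $_ } |
        ForEach-Object { "ACE removed: $_" }
    $Current.Rules | Where-Object { $Baseline.Rules -notcontains $_ } |
        ForEach-Object { "ACE added: $_" }
}

# --- Constructed demo on a scratch file ---
$file = Join-Path $env:TEMP 'acl-drift-demo.xls'
Set-Content -Path $file -Value 'demo'

# Baseline state: inheritance blocked, inherited ACEs kept as explicit copies.
$acl = Get-Acl -Path $file
$acl.SetAccessRuleProtection($true, $true)
Set-Acl -Path $file -AclObject $acl
Get-AclSnapshot $file | Export-Clixml "$file.baseline.xml"

# Drifted state: inheritance switched back on, the end state reported for FILE_1.
$acl = Get-Acl -Path $file
$acl.SetAccessRuleProtection($false, $false)
Set-Acl -Path $file -AclObject $acl

Compare-AclSnapshot (Import-Clixml "$file.baseline.xml") (Get-AclSnapshot $file)
Remove-Item $file, "$file.baseline.xml"
```

Against a real file, run `Get-AclSnapshot` once after setting the permissions, keep the exported baseline outside the audited folder, and run the comparison after users have worked with the file.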