Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Friday, June 22, 2018 7:39 PM
Hey there i am having an interesting problem. I have a computer which a certain user has been granted share rights too. They need to drop files on the desktop of that machine and have them available to all users. Simple right? create a network share of the public/desktop folder and then allow the user security rights to the folder.
This does work for a while. However, after some time interval that i am not sure of (could be a few weeks, or a month or some other interval) the permissions are reset, and the user loses access.
I have personally reset the permissions on the folder three times in the last few months.
There must be some automation at play here. I know its a somewhat special folder, but what the heck is reverting permissions on it? does anyone know?
I do not want to have to make the user a member of the administrators group to fix this (who do always have access to drop files here). I just want them to have write access on this one particular folder.
All replies (6)
Monday, June 25, 2018 3:14 AM
Hi,
It's hard to figure out which cause the permission changed because of various reasons, like third-party software or services or update etc.
And I am confused that any file or folder you put in a Public folder is automatically shared with the people who have access to your Public folders if you turn on the public folder. Public folder sharing is turned off by default.
You can turn it on:
1. Open Network & Internet settings via right lick the network icon in the bottom-right corner.
2. Click Network and Sharing Centre link and then click the Change advanced sharing settings link on the left side
3. Expand the All Networks profile.
4. Under Public folder sharing, select Turn on sharing so anyone with network access can read and write files in the Public folders and click on Save changes.
5. When finished, you can close Network and Sharing Center if you like.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, June 25, 2018 2:17 PM
Sorry i wasnt clear. this is a Domain user over the network, who has a network share mapped like \COMPUTER\desktop .
I do not want to allow all users to edit this folder. Only one specific user.
What does it mean "anyone with network access", does it mean "everyone" or "authenticated users"? Ideally i want to just use share permissions the same as any other folder.
i mean i suppose this policy may be the reason that the permissions are getting reset, but i would need more confirmation before i enabled this on the machine or OU.
Tuesday, June 26, 2018 7:14 AM
Yes, if you turn it on, everyone have permission to access it.
If you just want specific user to access it. Just turn it off, and then change its ACL by right click to edit its security properties.
But it's hard to figure out the root cause revert the permission.
Here I suggest you can audit this folder to see if any clue.
audit file:
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, June 26, 2018 4:46 PM
i will enable auditing and post back when and if it has a result. thanks.
Friday, July 6, 2018 7:17 PM
I want to let you know I am expierncing the same problem. After running this command:
icacls C:\Users\Public\Desktop /grant:r "INTERACTIVE":(OI)(CI)F
which grants all users of the computer rights to read/write to this folder, those changes become undone. Inheritance isn't on, so that's not it. I think this could be part of windows maintenance scheduler. Which means there's no good way to keep these changes.
Tuesday, August 21, 2018 5:14 PM
Ah well auditing settings were reset when the permissions get reset, so it hasnt logged anything. Just went back today and looked.
I am taking the security log and dumping it to XML and searching it for the string "desktop". 0 results.
however i thought of another idea. Since it keeps resetting it, i will just make a scheduled task to apply at startup that resets the permissions.
icacls c:\users\public\desktop /grant Everyone:(CI)(F) /t /l /q
tested and it works. Apply the task at system startup and give it some kind of administrator credentials.