Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, May 18, 2017 11:27 PM
So I am having a bit of a problem;
Short version:
Server 2012r2, updated
File shares are for user folder redirection
I have several files that are showing a Creator Owner on the folders, but it has no permissions listed.
At first the owner was not set properly, and that was easy enough to fix with a script, but I have tried adding permissions to creator owner and while it says it is applying them, I do not see it in the GUI.
Long version:
A while back we migrated from an old Server 2003 file server to a shiny new 2012r2 VM with lots of drive space and RAM. Overall the experience has been awesome, and everything is running much smoother. However, it has recently come to my attention that redirected user folders are not properly redirecting. Specifically the Favorites folder.
According to a few blogs, it appears that this is typically a security issue on the files where the creator owner is wrong, or creator owner does not have the permissions required (ie Full Control).
I was able to fix the owner issue (which was wrong) using a script to reset the folder name as the creator owner name. That went smoothly, but after some testing the same issue applies.
I have since run icacls [directory] /grant “CREATOR OWNER”:(OI)(CI)(IO)F /T
While that ran with minimal issues (115 errors out of ~500,000 files) I am still running into the same issue which makes me think that it didn't really apply.
Any ideas?
Thanks!
CaedenV
All replies (3)
Friday, May 19, 2017 6:01 AM ✅Answered
Hi CaedenV,
Based on my knowledge, CREATOR OWNER is a system-defined group. CREATOR OWNER is primarily for dynamic permission as people create stuff in a folder that they have conventional rights to rather than general permission.
From my personal understanding, when you do the migration. Since you move to another server. The CREATOR OWNER may not keep. I'm afraid it's better to put specific user account other than Creator Owner if possible
Best Regards,
Mary
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Friday, May 19, 2017 3:04 PM
I am less and less convinced that this is the issue. Looking at another school district they have the same behavior, but their system is working. Plus, individual users are called out with full permissions to their folders anyway which should override this issue. Plus, the old file server worked just fine, and it also shows the same blank permissions.
I still suspect it is a permissions issue of some sort, but this is not it.
Friday, May 19, 2017 6:16 PM
I found it!
So, it turned out that my permissions were right-ish, but going through this process was good as it made me silo users so they can't mess with either (or more importantly, if someone gets a crypto virus they can only mess up their own share!).
At the end of the day, the issue was in the share permissions rather than the security permissions. Because everything was pointing to a security problem I assumed it was at the file system level rather than the share level. Live an learn I guess.
Thanks for the help though!