Geekzone: technology news, blogs, forums




4741 posts

Uber Geek


#272851 20-Jul-2020 12:39

Windows file security seems quite buggy to me. My user has explicit authority to access a file.

 

Yet, the user cannot access the file via remote SMB share. 

 

Eventually figured out that the owner on the folder needed to be changed, but it does not make sense. The user still had explicit security authorisation to the file. The folder owner was 'everyone'.

 

Kept getting the 'failed to enumerate' security error. 

 

Microsoft does not explain this at all in their documentation or why the folder owner takes priority over explicit full user permissions.

 

 

 

 

 

 


4046 posts

Uber Geek


  #2525998 20-Jul-2020 13:21

NTFS permissions vs Sharing permissions?

 

One can mess up the other. And believe if they are coming in from a device that is not on the same domain/authenticated or 'anonymous'. There may be a need to give explicit user credentials to access the shares/files or there is the potential it won't enumerate the incoming users matching SAM/SIDs correctly.

 

Way I understand it, the most restricted permission wins if both are set.

 

May also come down to the folder, if it's down the chain and an inherited is harsh.


4168 posts

Uber Geek

Trusted
Lifetime subscriber

  #2526288 20-Jul-2020 22:18

I suspect Oblivian is onto it. NTFS permissions and Sharing permissions are distinct and both need to be correct for your scenario.  If you are talking a non domain scenario with local users things are quite a bit more painful too. Also you say the user had full permission to the file, but don't say what NTFS level permissions it had to the folder. Did it also have read/list permission to the folder?





 
 
 
 




4741 posts

Uber Geek


  #2526362 21-Jul-2020 09:36

Lias:

 

I suspect Oblivian is onto it. NTFS permissions and Sharing permissions are distinct and both need to be correct for your scenario.  If you are talking a non domain scenario with local users things are quite a bit more painful too. Also you say the user had full permission to the file, but don't say what NTFS level permissions it had to the folder. Did it also have read/list permission to the folder?

 

 

I checked the share and NTFS permissions - user has 'full authority' in both cases. 

 

To fix the problem, I changed the owner of the folder from 'Everyone' to the specific Windows user. This was given as a solution in the Microsoft forums, but without explanation on why it works.

 

Why would changing the NTFS parent folder owner fix this? The user still has the same permissions. 

 

It doesn't really matter, I have a workaround even if I don't understand why it works. 


4046 posts

Uber Geek


  #2526374 21-Jul-2020 10:18

Just be aware failed to enumerate is usually that. Unable to work out proper permissions or what level the inbound security the client meets to approve access.

 

It's nearly always caused by a copied folder/file with previous permissions not reset. Or a conflicting range set.

 

The change owner is the easy-way to over-ride those. But the moment that user leaves or acct is not available, if there are not 'SYSTEM' or other administrator defaults also within it from the top tree down it quickly becomes a dead pooch. (Use with caution) Or at the very least disable any 'sharing' permissions and try clean it to NTFS only once back to local LAN access. 




4741 posts

Uber Geek


  #2526392 21-Jul-2020 10:36

Oblivian:

 

Just be aware failed to enumerate is usually that. Unable to work out proper permissions or what level the inbound security the client meets to approve access.

 

It's nearly always caused by a copied folder/file with previous permissions not reset. Or a conflicting range set.

 

The change owner is the easy-way to over-ride those. But the moment that user leaves or acct is not available, if there are not 'SYSTEM' or other administrator defaults also within it from the top tree down it quickly becomes a dead pooch. (Use with caution) Or at the very least disable any 'sharing' permissions and try clean it to NTFS only once back to local LAN access. 

 

 

This is a new win10 install... admittedly, the permissions are a bit all over the place because some files are from the previous machine, some are new.  

 

Thanks.
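
The checks raised in this thread (folder owner, NTFS entries on the file and on every parent folder, and the share permissions), collected in one PowerShell script. This is an added example, not code from any poster; the file path and share name are placeholders, and it assumes an elevated session on the machine that hosts the share.

```powershell
# Added example. $File and $Share are placeholders, not values from the thread.
$File  = 'D:\Shared\Docs\report.docx'   # file the user cannot open over SMB
$Share = 'Shared'                       # name of the SMB share that exposes it

function Get-AclChain {
    param([Parameter(Mandatory)][string]$Path)
    # Start at the file, then visit each parent folder up to the drive root.
    $current = (Get-Item -LiteralPath $Path -Force).FullName
    while ($current) {
        $acl = Get-Acl -LiteralPath $current
        foreach ($ace in $acl.Access) {
            [pscustomobject]@{
                Path      = $current
                Owner     = $acl.Owner
                Protected = $acl.AreAccessRulesProtected   # True: inheritance disabled here
                Identity  = $ace.IdentityReference.Value
                Type      = $ace.AccessControlType         # Allow or Deny
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
        $current = [System.IO.Path]::GetDirectoryName($current)   # $null at the root
    }
}

$chain = @(Get-AclChain -Path $File)

# 1. Owner and inheritance state at every level.
$chain | Select-Object Path, Owner, Protected -Unique | Format-Table -AutoSize

# 2. Entries worth a second look: Deny rules, and owners or identities shown as
#    raw SIDs (S-1-...), i.e. accounts this machine cannot resolve to a name.
$chain | Where-Object {
    $_.Type -eq 'Deny' -or $_.Identity -match '^S-1-' -or $_.Owner -match '^(O:)?S-1-'
} | Format-Table Path, Owner, Identity, Type, Rights, Inherited -AutoSize

# 3. Share-level permissions, which are evaluated separately from NTFS.
Get-SmbShareAccess -Name $Share |
    Format-Table Name, AccountName, AccessControlType, AccessRight -AutoSize
```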

 

 

