Geekzone: technology news, blogs, forums


surfisup1000

5288 posts

Uber Geek
+1 received by user: 2159


#272851 20-Jul-2020 12:39

Windows file security seems quite buggy to me. My user has explicit authority to access a file.

 

Yet, the user cannot access the file via remote SMB share. 

 

Eventually figured out that the owner on the folder needed to be changed, but it does not make sense. The user still had explicit security authorisation to the file. The folder owner was 'everyone'.

 

Kept getting the 'failed to enumerate' security error. 

 

Microsoft does not explain this at all in their documentation or why the folder owner takes priority over explicit full user permissions.

 

 

 

 

 

 


Oblivian
7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

  #2525998 20-Jul-2020 13:21

NTFS permissions vs Sharing permissions?

 

One can mess up the other. And believe if they are coming in from a device that is not on the same domain/authenticated or 'anonymous'. There may be a need to give explicit user credentials to access the shares/files or there is the potential it won't enumerate the incoming users matching SAM/SIDs correctly.

 

Way I understand it, the most restricted permission wins if both are set.

 

May also come down to the folder, if it's down the chain and an inherited is harsh.




Lias
5655 posts

Uber Geek
+1 received by user: 3978

ID Verified
Trusted
Lifetime subscriber

  #2526288 20-Jul-2020 22:18

I suspect Oblivian is onto it. NTFS permissions and Sharing permissions are distinct and both need to be correct for your scenario.  If you are talking a non domain scenario with local users things are quite a bit more painful too. Also you say the user had full permission to the file, but don't say what NTFS level permissions it had to the folder. Did it also have read/list permission to the folder?







surfisup1000

5288 posts

Uber Geek
+1 received by user: 2159


  #2526362 21-Jul-2020 09:36

Lias:

 

I suspect Oblivian is onto it. NTFS permissions and Sharing permissions are distinct and both need to be correct for your scenario.  If you are talking a non domain scenario with local users things are quite a bit more painful too. Also you say the user had full permission to the file, but don't say what NTFS level permissions it had to the folder. Did it also have read/list permission to the folder?

 

 

I checked the share and NTFS permissions - user has 'full authority' in both cases. 

 

To fix the problem, I changed the owner of the folder from 'Everyone' to the specific Windows user. This was given as a solution in the Microsoft forums, but without explanation on why it works.

 

Why would changing the NTFS parent folder owner fix this? The user still has the same permissions. 

 

It doesn't really matter, I have a workaround even if I don't understand why it works. 




Oblivian
7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

  #2526374 21-Jul-2020 10:18

Just be aware failed to enumerate is usually that. Unable to work out proper permissions or what level the inbound security the client meets to approve access.

 

It's nearly always caused by a copied folder/file with previous permissions not reset. Or a conflicting range set.

 

The change owner is the easy way to override those. But the moment that user leaves or acct is not available, if there are not 'SYSTEM' or other administrator defaults also within it from the top tree down it quickly becomes a dead pooch. (Use with caution) Or at the very least disable any 'sharing' permissions and try clean it to NTFS only once back to local LAN access.
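
Added example, not part of any post in this thread: a PowerShell script for the file server that lists both layers discussed above (share permissions and NTFS ACLs) plus the folder owner, and flags an 'Everyone' owner, Deny entries, entries whose SIDs no longer resolve (as can happen on files copied from a previous machine), and missing SYSTEM/Administrators entries. The share name `Data` and the parameter names are placeholders.

```powershell
# Added example. 'Data' is a placeholder share name; run elevated on the file server.
param(
    [string]$ShareName = 'Data',
    [string]$RelativeFile = ''   # optional: file path below the share root
)
$sidType = [System.Security.Principal.SecurityIdentifier]
$ntType  = [System.Security.Principal.NTAccount]

# Layer 1: share permissions, evaluated only when access comes in over SMB.
$share = Get-SmbShare -Name $ShareName -ErrorAction Stop
Get-SmbShareAccess -Name $ShareName |
    Format-Table AccountName, AccessControlType, AccessRight -AutoSize | Out-String

# Layer 2: NTFS owner and ACL on the shared folder and, optionally, one file.
$targets = @($share.Path)
if ($RelativeFile) { $targets += Join-Path $share.Path $RelativeFile }

foreach ($path in $targets) {
    $acl      = Get-Acl -LiteralPath $path
    $ownerSid = $acl.GetOwner($sidType).Value
    "`n$path`n  Owner: $($acl.Owner) [$ownerSid]"
    if ($ownerSid -eq 'S-1-1-0') { Write-Warning "Owner of $path is Everyone" }

    $allowed = @()
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference
        try   { $name = $sid.Translate($ntType).Value }
        catch { $name = '<unresolved SID>' }   # e.g. local account from another machine
        "  {0,-5} {1} [{2}] {3} inherited={4}" -f $rule.AccessControlType, $name,
            $sid.Value, $rule.FileSystemRights, $rule.IsInherited
        if ($rule.AccessControlType -eq 'Deny')  { Write-Warning "Deny entry for $name on $path" }
        if ($rule.AccessControlType -eq 'Allow') { $allowed += $sid.Value }
    }
    # SYSTEM (S-1-5-18) and BUILTIN\Administrators (S-1-5-32-544) entries keep
    # the folder manageable if the owning user account is later removed.
    foreach ($s in 'S-1-5-18', 'S-1-5-32-544') {
        if ($allowed -notcontains $s) { Write-Warning "No Allow entry for $s on $path" }
    }
}
```

The script only reads and reports; it changes no owner or ACL.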


surfisup1000

5288 posts

Uber Geek
+1 received by user: 2159


  #2526392 21-Jul-2020 10:36

Oblivian:

 

Just be aware failed to enumerate is usually that. Unable to work out proper permissions or what level the inbound security the client meets to approve access.

 

It's nearly always caused by a copied folder/file with previous permissions not reset. Or a conflicting range set.

 

The change owner is the easy way to override those. But the moment that user leaves or acct is not available, if there are not 'SYSTEM' or other administrator defaults also within it from the top tree down it quickly becomes a dead pooch. (Use with caution) Or at the very least disable any 'sharing' permissions and try clean it to NTFS only once back to local LAN access.

 

 

This is a new win10 install... admittedly, the permissions are a bit all over the place because some files are from the previous machine, some are new.  

 

Thanks.

 

 

