Microsoft KB Archive/304140

= Inherited file security permissions may be removed when you remotely edit the permissions =

Article ID: 304140

Article Last Modified on 2/20/2007

-

APPLIES TO


 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Professional
 * Microsoft Windows XP Professional x64 Edition
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition

-



This article was previously published under Q304140





SYMPTOMS
When a drive is mapped to a share point of a server and you edit the remote NTFS file system permissions, any existing inherited permissions are removed and only explicit permissions remain.



CAUSE
This problem occurs because the client interprets the mapped drive as the root of a drive. Because the root of a drive does not inherit permissions, any inherited permissions are removed.



Service pack information
To resolve this problem, obtain the latest service pack for Windows XP. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

322389 How to obtain the latest Windows XP service pack

Hotfix information
A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Windows XP service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

File information
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.   Date         Time   Version      Size    File name -  21-Mar-2002  23:01  5.1.2600.40  36,352  Rshx32.dll 21-Mar-2002 00:22  5.1.2600.40   3,584  Xpsp1res.dll

Service pack information
To resolve this problem, obtain the latest service pack for Windows 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to obtain the latest Windows 2000 service pack

Hotfix information
A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Windows 2000 service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

File information
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.   Date         Time   Version        Size    File name -  28-Jan-2002  23:28  5.0.2195.4881  34,576  Rshx32.dll 28-Jan-2002 23:23  5.0.2195.4881  13,824  Sp3res.dll

Windows NT 4.0
To resolve this problem, either edit the NTFS permissions while you are logged on to the console or while you are connected to the computer by using a Terminal Services session.

You can edit the NTFS permissions remotely by using a mapped drive if you edit below the root of the mapped drive. For example, you can edit the NTFS permissions remotely if you edit a subfolder of the mapped drive.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

Windows XP
This problem was first corrected in Windows XP Service Pack 1.

Windows 2000
This problem was first corrected in Windows 2000 Service Pack 3.



MORE INFORMATION
When you edit the access control list (ACL) at the root of the drive, any permissions that are inherited are removed. Any inherited permission on the root of a drive is invalid because there is no parent to the root; therefore, when you map a drive to a remote share point and you edit the ACL, the client interprets that point as the root of the drive, and only the explicit permissions are retained.

If you set permissions remotely on the folder at the root of a share, all inherited permissions will be removed from the root folder and all subfolders. Additionally, you will receive an error message. To set permissions remotely on a folder at the root of a share without removing the inherited permissions, click No when you receive the error message. Then, either change the permissions on a child folder or make the change while logged in locally.

You can repair the lost permissions on the server (or workstation) that is hosting the share point as follows: Use the local drive letter and path and add or remove a user (or group) permission on the directory that lost inherited permissions, and then apply the change. All inherited rights reappear and are reapplied to that directory and all directories below it.

Additional query words: kbMgmtAdmin

Keywords: kbhotfixserver kbqfe kbwin2ksp4fix kbbug kbenv kbfix kbsecurity kbsysadmin kbwin2000presp3fix kbwin2000sp3fix kbwinxpsp1fix KB304140

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.