Microsoft KB Archive/323309

= Effective Permissions Are Displayed Incorrectly =

Article ID: 323309

Article Last Modified on 3/1/2007

-

APPLIES TO


 * Microsoft Windows XP Professional
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)

-



This article was previously published under Q323309



SYMPTOMS
When your Windows XP Professional-based computer is configured as a stand-alone computer or a workgroup computer, effective permissions may not be correctly displayed for user accounts. This problem may occur even when security is correctly applied. Specifically, the Windows XP Professional security configuration user interface (UI) may indicate that users do not have permissions to access a file or folder, even if their user accounts are included in groups that are explicitly or indirectly granted access.



CAUSE
This issue occurs if all of the following conditions are true:
 * Windows XP Professional is installed as a stand-alone computer or as a member of a workgroup.
 * Simple File Sharing (SFS) is turned off. (Note that SFS is turned on by default.)
 * File and folder ACLs are configured by using machine local groups.

NOTE: Actual permissions are not affected. Users and groups are still granted or denied access to resources in a manner consistent with their permissions.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.



MORE INFORMATION
NOTE: Windows XP Professional computers that are members of a Windows domain are not affected by this problem.

This problem also applies to Windows Server 2003 builds until build 3606.Lab03.020201.

Steps to Reproduce the Problem

 * 1) Right-click a file or folder on which permissions have been set.
 * 2) Click Properties, and then click the Security tab.
 * 3) Verify that the access control list (ACL) is configured by using one or more machine local groups that contain one or more user accounts.
 * 4) Verify that no user accounts are defined in the ACL for the resource.
 * 5) Click Advanced, and then click Effective Permissions.
 * 6) Verify the effective permissions for the group or groups listed in the ACL..
 * 7) Try to verify the effective permissions for one or more users who are members of a group with an access control entry (ACE) in the resource ACL.

The security configuration UI indicates that the users effectively lack any permissions to the resource, even though their accounts can access the resource by virtue of their group membership.

Keywords: kbprb KB323309

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.