Microsoft KB Archive/832234

From BetaArchive Wiki

Article ID: 832234

Article Last Modified on 7/24/2007


APPLIES TO

  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise x64 Edition



SYMPTOMS

On a Microsoft Windows Server 2003-based computer, when you use Microsoft Windows Explorer or the Cacls.exe utility, you cannot assign NTFS file system permissions to the root directory of an NTFS volume if the volume is mounted by using a mount point, or no drive letter. Instead, if you apply permissions to the mount point folder, the permissions are applied to the folder itself, but the permissions are not applied to the underlying root directory of the mounted volume. When you apply the permissions, you do not receive a message that warns you about this issue.

If you use the procedure that is documented in the following Microsoft Knowledge Base article to address this issue, the suggested resolution may not work on an active volume because you may not be able to un-assign the temporary drive letter if the volume is in use. If you have several mounted volumes, you may run out of drive letters and may not be able to apply new permissions until after you restart your computer:

237701 Cacls.exe cannot apply security to root of a volume mount point


CAUSE

In its current implementation, the Cacls.exe utility cannot use the volume GUID to set permissions on the root of a mounted NTFS volume.

RESOLUTION

Hotfix information

A supported hotfix is now available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains this hotfix.

To resolve this problem, submit a request to Microsoft Online Customer Services to obtain the hotfix. To submit an online request to obtain the hotfix, visit the following Microsoft Web site:

http://go.microsoft.com/?linkid=6294451


Note If additional issues occur or any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. To create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support


Prerequisites

No prerequisites are required.

Restart requirement

You do not have to restart your computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows Server 2003

  Date         Time   Version       Size    File name
  -----------------------------------------------------
  12-Dec-2003  18:28  5.2.3790.110  20,480  Cacls.exe
  12-Dec-2003  02:40  5.2.3790.112  37,888  Ws03res.dll

Windows Server 2003, 64-Bit

  Date         Time   Version       Size    File name     Platform
  ----------------------------------------------------------------
  09-Dec-2003  22:44  5.2.3790.110  49,152  Cacls.exe     IA-64
  12-Dec-2003  00:40  5.2.3790.112  37,376  Ws03res.dll   IA-64
  12-Dec-2003  16:28  5.2.3790.110  20,480  Wcacls.exe    x86
  12-Dec-2003  00:40  5.2.3790.112  37,888  Wws03res.dll  x86

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

After you apply the hotfix that is described in this article, you can use the Cacls.exe utility to add or to remove NTFS permissions to NTFS volumes that have a volume mount point as their only path. This hotfix adds a new command-line switch (cacls /m) that provides Cacls.exe with the functionality to apply permissions to a mount point folder and to apply permissions to the underlying root of the mounted volume.

Description of updated Cacls.exe usage and command-line switches

CACLS FileName [/T] [/M] [/E] [/C] [/G user:perm] [/R user [...]]
               [/P user:perm [...]] [/D user [...]]

   FileName      Displays ACLs.
   /T            Changes ACLs of specified files in
                 the current directory and in all subdirectories.
   /M            Changes ACLs of volumes mounted to a directory
   /E            Edit ACL instead of replacing it.
   /C            Continue on access denied errors.
   /G user:perm  Grant specified user access rights.
                 Perm can be: R  Read
                              W  Write
                              C  Change (write)
                              F  Full control
   /R user       Revoke access rights of a specified user 
                 (only valid with /E).
   /P user:perm  Replace access rights of a specified user.
                 Perm can be: N  None
                              R  Read
                              W  Write
                              C  Change (write)
                              F  Full control
   /D user       Deny specified user access.

Wildcard characters can be used to specify more than one file in 
a command.  You can specify more than one user in a command.

Abbreviations:
   CI - Container Inherit.
        The ACE will be inherited by folders.
   OI - Object Inherit.
        The ACE will be inherited by files.
   IO - Inherit Only.
        The ACE does not apply to the current file or folder.



With additional enhancements to the Cacls.exe utility, you can specify a volume GUID as the target instead of specifying the drive letter as the target. For example, instead of using the drive letter, type the following command at the command prompt:

C:\cacls \\?\Volume{26a21bda-a627-11d7-9931-806e6f6e6963}\


Note In this example, {26a21bda-a627-11d7-9931-806e6f6e6963} is an example of a volume GUID.

Note To list the attached volumes (in the format Volume{GUID}) on your computer, you can use the Mountvol.exe utility. To use this utility, type mountvol at a command prompt, and then press ENTER.

Additional Examples

To modify permissions to add User_Name1 to the root of the volume and to all subfolders on the volume by using the volume GUID, type the following:

C:\cacls \\?\Volume{26a21bda-a627-11d7-9931-806e6f6e6963}\ /T /E /G User_Name1:F


To view permissions on the root of a mounted volume by using the volume GUID, type the following:

C:\cacls \\?\Volume{26a21bda-a627-11d7-9931-806e6f6e6963}\


To view permissions on the root of a mounted volume by using the mountpoint name, type the following:

C:\cacls F:\mounted_volume /M


To modify permissions on the root of a mounted volume so that User_Name1 has permission to read, type the following:

C:\cacls F:\mounted_volume /M /E /P User_Name1:R


To modify permissions on the root of a mounted volume to change permissions for User_Name2 to Full Control, type the following:

C:\cacls F:\mounted_volume /M /E /G User_Name2:F


For more information, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates



Additional query words: Cacls

Keywords: kbhotfixserver kbbug kbfix kbqfe kbwinserv2003presp1fix KB832234



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/832234&oldid=201464
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki