NTFS Permissions aren’t applying to Files

Folder Structure

Folder1 - Domain admin as Owner, Full Control
Folder2 + Folder3
Folder 4
Files in folder 4 - File 1, 2, 3.. etc

Folder 1 has domain admins as the owner, a well as ‘Replace all child objects with permissions with inheritable permissions from this object’ checked.

Folder 2 received the permissions with no issue

Folder 3 will not accept the permissions because ‘Access is denied’

Folder 4 receives the permissions with no issue

None of the files in folder 4 are receiving the permissions. In order for me to gain access, I have to manually change the owner to the DA group, which you can imagine takes a long time.

I’m logged in as a Domain admin, and I’m running 2008 R2. Does anyone have any idea why these permissions aren’t waterfalling through to every folder? Sorry for the poor structure using a numbered list, I’m not too familiar with formatting.

Answer

You need to also take ownership of all the subfolders and files.

Not only do you want to use the option Replace all child objects with inheritable permissions from this object you also want to change owner on Folder 1 and choose Replace owner on subcontainers and objects. Do the latter, before you do the former. Then all the permissions will be propagated properly.

Lastly, depending on the specific permissions you are trying to apply, sometimes UAC can get in the way. For instance, if you give access to “Administrators” you aren’t technically an administrator until you elevate – even when you are logged in as a domain admin.

UAC causes HUGE issues with file/folder permissions on a server. I won’t go in to the details, but IMO UAC has no place on a server. So, if you continue to have issues you might want to also try disabling that and see how that helps: https://gallery.technet.microsoft.com/Registry-Key-to-Disable-UAC-45d0df25