Win2k Permissions bug

From: Parth Galen (Parth_Galenat_private)
Date: Fri Jun 08 2001 - 16:06:17 PDT


    FYI - I am relaying the following note for a friend. I will get all replies to him ASAP. Thx.
    ----------------------------------
    
    I have been working on this issue through a Microsoft Premier Support ticket for about 60 days.  At this time we have not received a resolution nor does one seem forthcoming.  I am very disappointed at the response, or lack of response, from Microsoft Support on what I believe is a serious issue.  I feel that you and others should be aware of our findings.
    
    There is apparently a bug in Windows 2000 Server regarding NTFS permissions.  The symptom is that at the individual file level the Allow Inheritable Permissions switch and NTFS file permissions can change unexpectedly and without notification.  These changes to file security easily go unknown to both network administrators and end users.
    Microsoft has acknowledged a similar problem referenced in KB article Q266731.  Microsoft has created a hot fix for this issue; however, in testing, the hot fix has not corrected the problem that we have identified.
    
    Example:  In the case where a particular file's NTFS permissions are set different from those of its parent folder and the inheritance box on the file has been unchecked, the inherit permissions box on the file can turn itself on and the NTFS file permissions will then change to the permissions defined on the parent folder when the file is modified and saved.
    
    Configuration where the problem has been observed:
     . Windows 2000 Server SP1
     . NT 4.0 SP6a Workstation
     . Various application programs such as: Word 97, Excel 97, Visio 5.0
    
    The problem seems to manifest itself when using applications that create temp files.  As many current software packages do create temp files the network security implications are obvious.  While security problems are always serious, this one carries the additional danger of network security being altered against the intention of the administrator, while the administrator is unaware that security changes have taken place.
    
    Any insight will be appreciated!
    ---------------------------------------
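
One way an administrator could detect the symptom reported in this message (a file with the inheritance box unchecked silently taking on its parent folder's permissions), as an added example that is not part of the original post or any Microsoft tooling: record every file whose DACL is protected from inheritance, then re-check those files later. It is written in PowerShell, which postdates the systems named in the post; the function names and the CSV baseline layout are assumptions of this example.

```powershell
# Added example: function names and the CSV baseline layout are hypothetical.

# Record every file under $Root whose DACL is protected from inheritance,
# i.e. the "Allow inheritable permissions" box is unchecked on the file.
function Save-ProtectedAclBaseline {
    param(
        [Parameter(Mandatory)][string]$Root,
        [Parameter(Mandatory)][string]$BaselineFile
    )
    Get-ChildItem -LiteralPath $Root -Recurse -File | ForEach-Object {
        $acl = Get-Acl -LiteralPath $_.FullName
        if ($acl.AreAccessRulesProtected) {
            [pscustomobject]@{
                Path = $_.FullName
                # DACL only, in SDDL form, so owner or audit changes are ignored
                Dacl = $acl.GetSecurityDescriptorSddlForm('Access')
            }
        }
    } | Export-Csv -LiteralPath $BaselineFile -NoTypeInformation
}

# Re-check each baselined file and report only the ones that drifted.
function Compare-ProtectedAclBaseline {
    param([Parameter(Mandatory)][string]$BaselineFile)
    Import-Csv -LiteralPath $BaselineFile | ForEach-Object {
        if (-not (Test-Path -LiteralPath $_.Path)) {
            $status = 'Missing'
        } else {
            $acl = Get-Acl -LiteralPath $_.Path
            if (-not $acl.AreAccessRulesProtected) {
                # The symptom from the post: inheritance switched back on
                $status = 'InheritanceReEnabled'
            } elseif ($acl.GetSecurityDescriptorSddlForm('Access') -cne $_.Dacl) {
                $status = 'DaclChanged'
            } else {
                $status = 'Unchanged'
            }
        }
        if ($status -ne 'Unchanged') {
            [pscustomobject]@{ Path = $_.Path; Status = $status }
        }
    }
}
```

Run `Save-ProtectedAclBaseline` once after permissions are set as intended, then schedule `Compare-ProtectedAclBaseline` and alert on any output, since the post stresses that the change happens without the administrator being notified.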
    



    This archive was generated by hypermail 2b30 : Sat Jun 09 2001 - 08:59:04 PDT