Windows 7 + ADS permissions problems

PS - RAIDiator 4.2.19 on the RNAS Pro 4

Scratch that. The problem is worse than I thought. I was testing from a Domain Admin account in Windows XP and was able to modify subfolder contents. I just tried using a non-domain-admin user account and it reported "Access is denied" just like other standard users are seeing, and the subfolder was created from a Windows XP share by another standard non-admin user.

It would seem that somehow the permissions from the root share folder are NOT being passed along to the contents after all. I now also notice that I am seeing "CREATOR OWNER" and "CREATOR GROUP" listed in the Security settings for the share, when I am 100% those were not there before. I also see "root (Unix User\root)" show up in some security settings and both that one and "root (Unix Group\root)" elsewhere, though in all occasions neither of those show any actual Permissions in the Permissions for... section of the Security dialog box.

This is ultra-confusing. I'm sure it has something to do with moving the contents via backup. How the heck else are you supposed to move files into the share without affecting timestamps?!?!

OK, so I know the CREATOR and Unix accounts are always there, that's fine. Why are new folders and files being created such that only the person who created them can modify them, when the security settings show that the entire Domain Users group has Full Control?

I am perplexed. Seriously, nobody here has ever wanted to have a share full of files that are protected by Active Directory security permissions? Case # 16731895 - even Netgear didn't help matters and I was supposedly on the phone with top-level engineers.

bedwardsnexlearn wrote:
OK, so I know the CREATOR and Unix accounts are always there, that's fine. Why are new folders and files being created such that only the person who created them can modify them, when the security settings show that the entire Domain Users group has Full Control?

Because you configured the advanced CIFS permissions on the share to allow that in Frontview?

Grievous wrote:
Because you configured the advanced CIFS permissions on the share to allow that in Frontview?

Actually, I didn't, Netgear Support did, but I don't see how "Automatically set permissions on new files and folders" means, in English "Automatically lock down new files and folders so that only their creator can modify them". Regardless, this problem is the exact same issue that others are having with Windows 7/Vista and their ReadyNAS units marking files read-only when modifications are saved. I'll let this thread die and keep an eye on the other thread: viewtopic.php?f=23&t=54072

Yes, it means exactly what you said. Automatically setting the permissions on the files and folders can cause them to be locked down so only the creator can modify them. It's exactly why Ewok mentioned it in that other thread.

Now I'm confused, why was Netgear support changing your share permission settings? What were they originally, and are they configured as you mentioned in the other thread now?

By the way, please stick with your own thread(this one) instead of an older thread referring to a release that's a few years old.

edit: I'm also only finding one tech support case of yours that was a pre-sale question about an NV+, was there another email address you used besides the one on the forum maybe?

I assume they were making changes to save time rather than continuing to ask me to do so only to listen to me verify that I understood what they were asking me to do. This was a telephone support instance in which we were on the phone going on 5-6 hours.

The CIFS permissions settings on the share in question are set *exactly* as specified in the other thread (I'll re-cover those here for posterity):

CIFS settings:
Default access: Read/Write
Allow guest access: enabled
Groups allowed full control on share ACL: homedomain.lan\users, remotedomain.local\remoteusers
Recycle bin: enabled (default settings)
Advanced CIFS Permission: Automatically set permissions ... enabled, Do not allow ... disabled, Group Rights: Read/Write, Everyone Rights: Read/Write
Oplocks: enabled

Advanced Options:
Share folder owner: root (will not let me change)
Share folder group: domain users (will not let me change)
Share folder owner rights: Read/Write (greyed out, unchangeable)
Share folder group rights: Read/Write
Share folder everyone rights: Read/Write
Set ownership and permission ... disabled
Grant rename and delete ... enabled
Advanced Share Utilities: disabled

Originally "Guest access" was disabled and the user groups I was trying to use to apply ACL permissions via Windows Explorer were "homedomain.lan\domain users" and "remotedomain.local\domain users". The moment I switched from using the "domain users" group in both domains to using something different in both domains things started getting better for everyone except Vista and Windows 7 clients. Prior to that change even Windows XP users were having issues.

Yes, there should be three open cases with Netgear for three separate problems, including this one. One of the cases was marked pre-sale about an NV+, and that case has been closed, although the problem was not solved. The other two cases I have submitted were using either this address or were submitted under a shared mail account so that my bosses could also get updates in case I was unavailable to assist in troubleshooting. I don't think I have the support case numbers for those written down, unfortunately. I was pretty upset with Netgear there for a bit, as I was told by a tech regarding the NV+ case that my request basically "got lost in the mail".

I'll stick to this thread from now on.

Thanks.

Ok, you're running 4.2.19.

The first thing to try, and I'm only stating this because I haven't seen you mention it yet nor can I find the other support cases, is to create a new share and don't touch any of the settings.

If everything works fine, then change the CIFS and advanced CIFS permissions, check again. Don't change anything on the advanced options tab.

Will do. When changing the CIFS and Advanced CIFS permissions are there any specific settings you think I should use, or should I just apply the same settings that exist on the problematic share? Also, by "Advanced CIFS permissions" I assume you are referring to the section at the bottom of the CIFS "window" and not "Advanced Options". Please correct me if that is incorrect.