Windows: How to fix broken permission-inheritance?

windows ntfs file-permissions

Solution 1:

icacls <folder> /t /reset will reset all permissions with the default inheritable ones.

Technet reference

Solution 2:

I ended up coding it in C#:

  • Get SeBackupPrivilege and SeRestorePrivilege (allows the user to read and write everywhere).
  • Rewrite the path to make Windows handle long filenames (for local paths: prefix @"\\?\")
  • Traverse the directory-tree
  • For each element load the ACL
  • Add an explicit rule and remove it again. This tricks the library into thinking that the ACL was changed.
  • Write the ACL
  • The IO-library will fix the inheritance-issues while writing the unchanged ACL.

I also implemented a check if a fix is necessary at all. But it took some work to get it working reliably:

  • You need to interprete the propagation- and inheritance-flags correctly.
  • Sometimes, permissions are merged on the way down, sometimes they are not. In the end, I just checked if they mean the same.
  • Deal with the special permissions "GENERIC_(READ|WRITE|EXECUTE|ALL)"

It found and fixed about 40.000 errors on a 1-million-files-share.

Related

FreeBSD: Cant stop program started by rc.d ("is not running")
Samba AD Groups appear empty on Unix
Applying k8s network policies in Amazon EKS
Windows Open SSH Server cannot support more than 50 concurrent ssh sessions
Resolve DNS for a docker container with dnsmasq
Docker-compose IP address for Database
How to redirect index.html to the same name with capital letter by nginx
very fast file syncing software [closed]
chown won't change ownership
pop_back() return value?
Flask jsonify a list of objects
Why doesn't Mutex get released when disposed?