We recently paid a consultant to install Windows 2008 server, he moved us to a new domain and "migrated" users and files. I was told by him that the permissions "didn't carry" on some of the staff. This was bizarre and we're not happy with what happened but now we need to work so I'm focused on applying appropriate permissions. When I try to apply them, I consistently get errors even after taking ownership. Sometimes applying fails altogther. Last night I tried to modify a file in Netlogon. It wouldn't allow me because of permissions. I'm a member of the Administrators group. The Administrators group has full rights to this folder. When I tried to add myself as an individual entry, I get an error. I'm seeing a lot of problems with applying permissions and I'm starting to wonder if this is normal or if there is something majorly wrong. Tampering is a distinct possibility because the permissions that were working change for no apparent reason.Can someone help me qualify this situation and understand what is normal and not normal when applying permissions and getting errors. I don't have enough experience to compare what I'm seeing with other real world networks.

Please check first if your filesystem is not corrupt, therefore run chkntfs and chkdsk /f. If the issue persists, Logon as the problematic user account and run the following command to display the ACLs of the folder. - Click Start -> Run, type "cmd" in the text box, and click OK. - Type the following command in the Command window: Cacls "C:\folder" > c:\acls.txt Please use Windows Live SkyDrive (http://www.skydrive.live.com/ ) to upload the file and then give us the download address. Certifications: MCSA 2003 MCSE 2003

Hello egalois, If this server a domain controller or just a member server? When you tried to add yourself as an individual entry, what is the error message that you can see? Also, what is the error message that you see when you were applying permissions? Can you take a screenshot of it Did you logon a member of Built-in administrators group or Domain Admin group? Meanwhile, please also refer to the suggestion of shadownman123 to run “chkdsk /f” on that server. And then run cacls to dump the permission setting of the <problematic folder> on the server Cacls "problematic folder” > c:\acls.txt Please use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the file and then give us the download address. Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.

Hi egalois, Did you had a chance to run the steps above ? , i would suggest you to re-run the migration process only to the user objects , i mean run the utility to migrate the user permissions you can use xcacls utility to perfrom the same please check the below link http://support.microsoft.com/kb/825751sainath !analyze

shadowman - the cacls command comes back "Access denied" David Shen - This is on the domain controllers.the error I get on adding myself or changing permissions is "Access denied" you do not have permissions....Note though: I am an enterprise admin. The error is not consistent in that sometimes it allows me to make changes, sometimes it doesn't. Also, permissions are changing with no apparent reason or cause. That is, I will set permissions for a group or user and find that they have changed and the group is no longer listed in the security list. Yesterday we had two printers disappear from the server. They were installed and working for weeks up to and including the morning of that day.