Hello all, I met a strange thing using icacls commonand on windows 2008 r2. enviroment: - 1 Windows 2008 R2 acts as a Name Server for DFS - a shared foler named A is in the DFSRoots, and a sub-folder named A-1 is in folder A - with cacls commonand, I can the current permission for A-1, "user1:(OI)(CI)(ID)R", for folder A : user1:(OI)(CI)R" - after running "icacls A-1 /inheritance:d", then use "cacls A-1", I see the permissionf for user1 is (OI)(CI)R - then, I restart the windows 2008 r2 server, with commond "cacls A-1", I see the permission for user1 is now "user1:(OI)(CI)(ID)R" again. - the same thing does not occour on windows 2003 Somebody help me? many thanks in advance...

Hi, As it is a link which actually direct to a remote shared folder, I would like to know if the permission is affected by the permission of the actual folder. TechNet Subscriber Support in forum |If you have any feedback on our support, please contact tnmff@microsoft.com.

Hi, The permission of actual folder is not affected. user1 for the actual folder is "(OI)(CI)R", and the ABE is enabled. So I want to make the link the same permission with the actual folder. Additionals to current enviroment, - Windows 2003 AD - One Windows 2003 Name Server - One Windows 2008 R2 Name server - DFS Namespace is Windows 2000 Domain-based in Windows 2000 Server mode - DFS Client : Windows 7 Pro. and Windows XP Pro.

Not even in the regkeys below? HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Sounds like a routine is applying that. A logon script or something like this.

Hello all, I met a strange thing using icacls commonand on windows 2008 r2. enviroment: - 1 Windows 2008 R2 acts as a Name Server for DFS - a shared foler named A is in the DFSRoots, and a sub-folder named A-1 is in folder A - with cacls commonand, I can the current permission for A-1, "user1:(OI)(CI)(ID)R", for folder A : user1:(OI)(CI)R" - after running "icacls A-1 /inheritance:d", then use "cacls A-1", I see the permissionf for user1 is (OI)(CI)R - then, I restart the windows 2008 r2 server, with commond "cacls A-1", I see the permission for user1 is now "user1:(OI)(CI)(ID)R" again. - the same thing does not occour on windows 2003 Somebody help me? many thanks in advance... What exactly is this folder that you're permissions are changing in? Is UAC Active on this server? Cacls and Icacls have different enumeration results, however that is a strange observation. I assume this would be a group policy effected file source? Steve Kline Microsoft Certified IT Professional: Server Administrator Microsoft Certified Technology Specialist: Active Directory, Network Infrastructure, Application Platform, Windows 7 Microsoft Certified Product Specialist & Network Product Specialist Red Hat Certified System Administrator Microsoft® Community Contributor Award 2011 All opinions expressed on my own behalf and not that of my company. This posting is "as is" without warranties and confers no rights.

Thanks. - this folder is exactly a link to the remote windows 2003 fileserver, I called it under tool "DFS managment" - yes, the UAC is active on this Server - Windows 2008 R2 ( the name server ) - I use Icacls command to disalbe the inheritance permission for the folder A-1, and check with cacls command. it works, but, if I restart the server, the inherited permission is back, don't know why. - if I use windows 2003 to act as the Name Server, after disabling the inheritance for the same folder, restart the server, it works...

Did you check for any script running at the startup? Scheduled task or something among these lines?

No script running at the satrtup.