I did see it set under effective settings. But for some reason, going from
folder a drilling down through folder, b, c, d; access is blocked to d even
though explicit permissions are present. This server is a DC with all
patches. I am really at a loss, I have ensured that the domain security
policy and local security policy has by-pass enabled, and each folder in the
heirarchy has by-pass checked for Authenticated Users.
Below is a DumpSec report for the heirarchy I am testing by-pass against,
with the Helpdesk forms folder being the folder I am trying to by-traverse
to.
C:\HMMA\HR-Admin\IT\ Authenticated Users ax00100020
C:\HMMA\HR-Admin\IT\ HMMA\Domain Admins all all
C:\HMMA\HR-Admin\IT\ HMMA\Administrator all all
C:\HMMA\HR-Admin\IT\ HMMA\HMMA IT Dept RWXD RWXD
C:\HMMA\HR-Admin\IT\Drawings\ Authenticated Users ax00100020
C:\HMMA\HR-Admin\IT\Drawings\ HMMA\Domain Admins all all
C:\HMMA\HR-Admin\IT\Drawings\ HMMA\Administrator all all
C:\HMMA\HR-Admin\IT\Drawings\ HMMA\HMMA IT Dept RWXD RWXD
C:\HMMA\HR-Admin\IT\ERP\ Authenticated Users ax00100020
C:\HMMA\HR-Admin\IT\ERP\ HMMA\Domain Admins all all
C:\HMMA\HR-Admin\IT\ERP\ HMMA\Administrator all all
C:\HMMA\HR-Admin\IT\ERP\ HMMA\HMMA IT Dept RWXD RWXD
C:\HMMA\HR-Admin\IT\Event Log\ Authenticated Users ax00100020
C:\HMMA\HR-Admin\IT\Event Log\ HMMA\Domain Admins all all
C:\HMMA\HR-Admin\IT\Event Log\ HMMA\Administrator all all
C:\HMMA\HR-Admin\IT\Event Log\ HMMA\HMMA IT Dept RWXD RWXD
C:\HMMA\HR-Admin\IT\Forms\ Authenticated Users ax00100020
C:\HMMA\HR-Admin\IT\Forms\ HMMA\Domain Admins all all
C:\HMMA\HR-Admin\IT\Forms\ HMMA\Administrator all all
C:\HMMA\HR-Admin\IT\Forms\ HMMA\HMMA IT Dept RWXD RWXD
C:\HMMA\HR-Admin\IT\Forms\Help Desk Forms\ Authenticated Users R X R X
C:\HMMA\HR-Admin\IT\Forms\Help Desk Forms\ Authenticated Users ax00100020
C:\HMMA\HR-Admin\IT\Forms\Help Desk Forms\ HMMA\Domain Admins all all
C:\HMMA\HR-Admin\IT\Forms\Help Desk Forms\ HMMA\Administrator all all
C:\HMMA\HR-Admin\IT\Forms\Help Desk Forms\ HMMA\HMMA IT Dept RWXD RWXD
Any thoughts would be appreciated.
Rob
Richard McCall said:
Bypass travse checking is enabled by default on DC as Authenticated Users,
Everyone, Administrators and Pre Windows 2000 Compatible access
--
Richard McCall [MSFT]
"This posting is provided "AS IS" with no warranties, and confers no
rights."
Rob said:
If I recall correctly by-pass traverse checking was on by default with NT.
I have discovered that it is not on by default for W2K, bummer. I have a
heirarchy of folders for each of my departments that have been locked down
to just members of each department. Now I have the need to allow access
between departments. After turning by-pass traverse checking on and setting
it also for each folder, my users are unable to traverse folders they don't
have permissions to. The only way I could get the traversal to work was by
enabling List/Read also. The problem with this is it allows the users to
see the contents of folders they have no permission for.
How can I get the traversal functioning as it did with NT?
Rob
