Shared folder will be add deny administrators permission

[Guest]

I found a strange issue in the Active Directory of my company these days; the
user permission in Security option of the shared folder will be changed
automatically; it will be add the "Deny Administrators" entry and the other
users who has the modify permission on this folder will be denied as well.
As a result, I have to take ownership this folder for change the permission
back, unfortunately, the issue happened again some while after I changed the
permission back.
I have checked the GPO, but no any finding.
Is there someone who knows this issue?

Our company's AD environment is a sub domain of the forest.

Please share your experience to me. Thanks!

 

[Miha Pihler [MVP]]

Hi,

I am not sure if I understand where the problem is here... My main question
here is, why would you want to deny Administrator access to something?
If you need to deny Administrator something, simply make sure that this
account/group is not listed in Security list.
Also note that administrator and users who are members of administrator
group can always take ownership of files even if you put deny permission on
them.

 

[Roger Abell [MVP]]

See if you can place an Audit on the folder for successful change
of permissions by Everyone. If that will stick (not get altered as
when the Deny permissions show up) and you have audit of object
access (and privilege use assuming Administrators is owner and
the account making the change does not have a grant allowing the
change) then the security event log should at least point you to
when this is happening and by what account.