Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Effective Permissions Are Displayed Incorrectly


View products that this article applies to.

This article was previously published under Q323309

↑ Back to the top


Symptoms

When your Windows XP Professional-based computer is configured as a stand-alone computer or a workgroup computer, effective permissions may not be correctly displayed for user accounts. This problem may occur even when security is correctly applied. Specifically, the Windows XP Professional security configuration user interface (UI) may indicate that users do not have permissions to access a file or folder, even if their user accounts are included in groups that are explicitly or indirectly granted access.

↑ Back to the top


Cause

This issue occurs if all of the following conditions are true:
  • Windows XP Professional is installed as a stand-alone computer or as a member of a workgroup.
  • Simple File Sharing (SFS) is turned off. (Note that SFS is turned on by default.)
  • File and folder ACLs are configured by using machine local groups.
NOTE: Actual permissions are not affected. Users and groups are still granted or denied access to resources in a manner consistent with their permissions.

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

↑ Back to the top


More information

NOTE: Windows XP Professional computers that are members of a Windows domain are not affected by this problem.

This problem also applies to Windows Server 2003 builds until build 3606.Lab03.020201.

Steps to Reproduce the Problem

  1. Right-click a file or folder on which permissions have been set.
  2. Click Properties, and then click the Security tab.
  3. Verify that the access control list (ACL) is configured by using one or more machine local groups that contain one or more user accounts.
  4. Verify that no user accounts are defined in the ACL for the resource.
  5. Click Advanced, and then click Effective Permissions.
  6. Verify the effective permissions for the group or groups listed in the ACL..
  7. Try to verify the effective permissions for one or more users who are members of a group with an access control entry (ACE) in the resource ACL.
The security configuration UI indicates that the users effectively lack any permissions to the resource, even though their accounts can access the resource by virtue of their group membership.

↑ Back to the top


Keywords: KB323309, kbprb

↑ Back to the top

Article Info
Article ID : 323309
Revision : 6
Created on : 3/1/2007
Published on : 3/1/2007
Exists online : False
Views : 268