Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. You cannot apply permissions to the root directory of an NTFS file system volume in Windows Server 2003

You cannot apply permissions to the root directory of an NTFS file system volume in Windows Server 2003

View products that this article applies to.

Symptoms

On a Microsoft Windows Server 2003-based computer, when you use Microsoft Windows Explorer or the Cacls.exe utility, you cannot assign NTFS file system permissions to the root directory of an NTFS volume if the volume is mounted by using a mount point, or no drive letter. Instead, if you apply permissions to the mount point folder, the permissions are applied to the folder itself, but the permissions are not applied to the underlying root directory of the mounted volume. When you apply the permissions, you do not receive a message that warns you about this issue.

If you use the procedure that is documented in the following Microsoft Knowledge Base article to address this issue, the suggested resolution may not work on an active volume because you may not be able to un-assign the temporary drive letter if the volume is in use. If you have several mounted volumes, you may run out of drive letters and may not be able to apply new permissions until after you restart your computer:
237701 Cacls.exe cannot apply security to root of a volume mount point

↑ Back to the top

Cause

In its current implementation, the Cacls.exe utility cannot use the volume GUID to set permissions on the root of a mounted NTFS volume.

↑ Back to the top

Resolution

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

No prerequisites are required.

Restart requirement

You do not have to restart your computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows Server 2003

  Date         Time   Version       Size    File name
  -----------------------------------------------------
  12-Dec-2003  18:28  5.2.3790.110  20,480  Cacls.exe
  12-Dec-2003  02:40  5.2.3790.112  37,888  Ws03res.dll

Windows Server 2003, 64-Bit 

  Date         Time   Version       Size    File name     Platform
  ----------------------------------------------------------------
  09-Dec-2003  22:44  5.2.3790.110  49,152  Cacls.exe     IA-64
  12-Dec-2003  00:40  5.2.3790.112  37,376  Ws03res.dll   IA-64
  12-Dec-2003  16:28  5.2.3790.110  20,480  Wcacls.exe    x86
  12-Dec-2003  00:40  5.2.3790.112  37,888  Wws03res.dll  x86

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

More information

After you apply the hotfix that is described in this article, you can use the Cacls.exe utility to add or to remove NTFS permissions to NTFS volumes that have a volume mount point as their only path. This hotfix adds a new command-line switch (cacls /m) that provides Cacls.exe with the functionality to apply permissions to a mount point folder and to apply permissions to the underlying root of the mounted volume.

Description of updated Cacls.exe usage and command-line switches

CACLS FileName [/T] [/M] [/E] [/C] [/G user:perm] [/R user [...]]
               [/P user:perm [...]] [/D user [...]]

   FileName      Displays ACLs.
   /T            Changes ACLs of specified files in
                 the current directory and in all subdirectories.
   /M            Changes ACLs of volumes mounted to a directory
   /E            Edit ACL instead of replacing it.
   /C            Continue on access denied errors.
   /G user:perm  Grant specified user access rights.
                 Perm can be: R  Read
                              W  Write
                              C  Change (write)
                              F  Full control
   /R user       Revoke access rights of a specified user 
                 (only valid with /E).
   /P user:perm  Replace access rights of a specified user.
                 Perm can be: N  None
                              R  Read
                              W  Write
                              C  Change (write)
                              F  Full control
   /D user       Deny specified user access.

Wildcard characters can be used to specify more than one file in 
a command.  You can specify more than one user in a command.

Abbreviations:
   CI - Container Inherit.
        The ACE will be inherited by folders.
   OI - Object Inherit.
        The ACE will be inherited by files.
   IO - Inherit Only.
        The ACE does not apply to the current file or folder.


With additional enhancements to the Cacls.exe utility, you can specify a volume GUID as the target instead of specifying the drive letter as the target. For example, instead of using the drive letter, type the following command at the command prompt:
C:\cacls \\?\Volume{26a21bda-a627-11d7-9931-806e6f6e6963}\
Note In this example, {26a21bda-a627-11d7-9931-806e6f6e6963} is an example of a volume GUID.

Note To list the attached volumes (in the format Volume{GUID}) on your computer, you can use the Mountvol.exe utility. To use this utility, type mountvol at a command prompt, and then press ENTER.

Additional Examples

To modify permissions to add User_Name1 to the root of the volume and to all subfolders on the volume by using the volume GUID, type the following:
C:\cacls \\?\Volume{26a21bda-a627-11d7-9931-806e6f6e6963}\ /T /E /G User_Name1:F
To view permissions on the root of a mounted volume by using the volume GUID, type the following:
C:\cacls \\?\Volume{26a21bda-a627-11d7-9931-806e6f6e6963}\
To view permissions on the root of a mounted volume by using the mountpoint name, type the following:
C:\cacls F:\mounted_volume /M
To modify permissions on the root of a mounted volume so that User_Name1 has permission to read, type the following:
C:\cacls F:\mounted_volume /M /E /P User_Name1:R
To modify permissions on the root of a mounted volume to change permissions for User_Name2 to Full Control, type the following:
C:\cacls F:\mounted_volume /M /E /G User_Name2:F
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

↑ Back to the top

Keywords: KB832234, kbwinserv2003presp1fix, kbqfe, kbfix, kbbug, kbhotfixserver, kbautohotfix

↑ Back to the top

Article Info
Article ID : 832234
Revision : 13
Created on : 7/24/2007
Published on : 7/24/2007
Exists online : False
Views : 311