
Welcome to ISAserver.org


Issue with filesystem permission on logs directory

Issue with filesystem permission on logs directory - 20.Jan.2010 4:47:53 AM   
tinto

 

Posts: 247
Joined: 9.Sep.2004
From: Italy
Status: offline
Hi, this is probably not a strictly ISA-related issue, but I'll try asking: I have an ISA 2006 Std running on Windows 2003 SP2, a member of the POL domain.

Logs are saved on a local drive and the directory is shared to allow a log analyzer (proxy inspector) to retrieve the logs. The log analyzer runs on another server, which is another W2K3 SP2 member of the POL domain.

The directory is shared with "everyone-read" in the Sharing tab, and in the Security tab I give read-only permissions to the dedicated user POL\isalogger. The fact is that after a few hours the permissions disappear from the Security tab.

Before POL\isalogger I was trying to use another user, a member of the Backup Operators group, and had the same problem: I've read http://policelli.com/blog/?p=136 about "AdminSDHolder and Protected Groups", so I tried with another user, but the problem still exists.

Thank you in advance for any help.

_____________________________

Tinto
Post #: 1
RE: Issue with filesystem permission on logs directory - 20.Jan.2010 3:46:44 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Tinto,

This happens because the ISA firewall resets all permissions when any changes are made or the ISACTRL service is restarted.

quote:

Q: How are DACLs affecting my ISA Server at all?
A: When you configure or change any Administrative Role on ISA (regardless of Enterprise or Standard Edition), the file and registry DACLs will be modified.

Important! Any changes you made earlier in the NTFS security settings, which don't match the roles configured in ISA, will be removed!!
Example: You recently added NTFS permissions to a user named BACKUP (manually, by GPO or sth. like this...). This user should be able to backup the ISA folders. All permissions you granted to this user will be removed after you make any changes or restart ISACTRL, if you haven't configured this user in the ISA Administrative Roles. Therefore your backup of ISA Server will most likely fail.

Source: https://blogs.technet.com/isablog/archive/2008/09/08/isa-administrative-roles-ntfs-and-registry-permissions.aspx



Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to tinto)
Post #: 2
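
The DACL reset described in this thread can be confirmed by baselining the log directory's ACEs and comparing them later. The script below is an added example, not code from either poster or from Microsoft; the log directory path, the baseline file location and the script's parameter names are assumptions, and only POL\isalogger comes from the thread.

```powershell
# Added example: detect NTFS ACEs that vanish from the ISA log directory.
# Assumptions: $LogDir and $Baseline paths are placeholders for your own values.
param(
    [string]$LogDir   = 'D:\ISALogs',               # assumed log directory
    [string]$Account  = 'POL\isalogger',            # account named in the thread
    [string]$Baseline = 'C:\Temp\isalogs-acl.xml',  # assumed baseline file
    [switch]$SaveBaseline
)

function Get-AceList([string]$Path) {
    # Flatten every ACE in the directory's DACL to one comparable string.
    (Get-Acl -Path $Path).Access | ForEach-Object {
        '{0}|{1}|{2}|inherited={3}' -f $_.IdentityReference, $_.AccessControlType,
            $_.FileSystemRights, $_.IsInherited
    } | Sort-Object
}

$current = @(Get-AceList $LogDir)

if ($SaveBaseline) {
    # Run once, immediately after granting the permission in the Security tab.
    $current | Export-Clixml -Path $Baseline
    "Baseline saved: $($current.Count) ACE(s) for $LogDir"
    return
}

$expected = @(Import-Clixml -Path $Baseline)

# ACEs present in the baseline but gone now, and ACEs that appeared since.
$removed = @($expected | Where-Object { $current  -notcontains $_ })
$added   = @($current  | Where-Object { $expected -notcontains $_ })

$removed | ForEach-Object { "REMOVED: $_" }
$added   | ForEach-Object { "ADDED:   $_" }

# Explicit check for the log-reader account the thread is about.
$accountAces = @($current | Where-Object { $_ -like "$Account|*" })
if ($accountAces.Count -eq 0) {
    "$Account has no ACE on $LogDir (DACL was reset since the baseline)"
    exit 1   # non-zero exit so a scheduled task can flag the drift
}
"$Account still has $($accountAces.Count) ACE(s) on $LogDir"
```

Run it once with `-SaveBaseline`, then on a schedule without the switch; a REMOVED line for the account after an ISA configuration change or an ISACTRL restart matches the behaviour quoted above, where the lasting remedy is to configure the user in the ISA Administrative Roles.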
