I've not seen this asked, or answered, anywhere, so I'll have to ask myself. Have an HP DL320 VPN/Firewall/Cache running ISA2004/W2k3 (Appliance Edition).
Have a folder on D: called ISA_LOGS where the log files are. This folder is shared, and the user list is Administrators (FC), System (FC) task (RE)(local user for copying things).
Have another server that on a daily basis logs into the ISA_LOGS share as task, and copies the logs to a consolidation server.
The problem is that when the ISA server gets patched and rebooted, the permissions on that folder go back to it_task having no permissions on the folder.
It looks like there's a policy or a registry setting that is controlling this, but I can't find one, adn this is getting annoying, since whenever it happens, the log job fails, and then the permissions need to be fixed manually, and the job needs to be redone manually.