I suspect this problem isn’t limited to just managing CIFS shares on NetApp’s. I bet if you’ve got a Windows File Server and you’re trying to edit NTFS permissions on shares via a Windows 2008 Computer Management MMC you’ll get this error message.
In our case we’ve got a NetApp FAS2040 joined to our new AD forest with a few CIFS shares on it. In this new forest we’re using Windows 2008 R2 domain controllers and our forrest is set to a 2008 functional level.
When we want to manage the NTFS permissions of CIFS shares exported from our old NetApp FAS2020 in our old forrest (which is at a 2003 functional level with 2003 domain controllers) we’d typically login to a Windows 2003 server, load up the Computer Management MMC and connect to our NetApp.
Today I created a new CIFS share on our FAS2040, logged into a Windows 2008 R2 server, fired up the Computer Management MMC, connected to the NetApp and tried to change the NTFS permissions on the share. This is what I got:
This shouldn’t be happening. The account I’m using is a Domain Administrator and the Domain Admins group has been added to the NetApps local Administrator group.
If you click ‘Cancel’ all the way out and then go back and view the NTFS permissions it will turn out that the changes did take effect despite the “Access Denied” error message.
For some odd reason I thought to try using a Windows 2003 Server from our old forest to manage the NTFS permissions. It worked perfectly with no access denied error. What gives?
Turns out this does: http://support.microsoft.com/kb/972299
Microsoft doesn’t explicitly state this but to “solve” the problem just create an empty folder, a blank text file or anything in the share first and then edit the permissions… or you can fire up a Windows 2003 Server and just use it’s MMC.