File ownership and NTFS permissions removed from Office documents

%3CLINGO-SUB%20id%3D%22lingo-sub-1214745%22%20slang%3D%22en-US%22%3EFile%20ownership%20and%20NTFS%20permissions%20removed%20from%20Office%20documents%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1214745%22%20slang%3D%22en-US%22%3E%3CP%3EHave%20a%20good%20one%20here.%20We%20have%20some%20non-domain%20computers%20accessing%20a%20share%20on%20a%20domain%20file%20server.%20There%20is%20a%20firewall%20that%20is%20allowing%20445%2FSMB%20for%20drive%20mappings%20via%20AD%20authentication.%20Users%20are%20able%20to%20create%20a%20word%20or%20excel%20document%20just%20fine%2C%20but%20when%20that%20very%20same%20document%20is%20opened%20for%20editing%20and%20then%20saved%2C%20the%20file%20(from%20the%20users%20perspective)%20disappears.%20But%20what%20is%20really%20happening%20is%20the%20ownership%20and%20ntfs%20permissions%20are%20being%20removed.%20I%20go%20back%20in%20and%20fix%20ownership%2C%20add%20an%20entry%20in%20the%20permissions%20area%20and%20boom%2C%20all%20inherited%20permissions%20show%20up%20as%20normal.%20This%20is%20only%20happening%20to%20Office%20documents%2C%20txt%20files%20etc%20are%20able%20to%20be%20created%2C%20opened%2C%20edited%2C%20and%20saved%20with%20no%20issues.%20We've%20tried%20mapping%20the%20drive%20as%20different%20users%2C%20different%20group%20memberships%2C%20and%20with%20full%20permissions%2C%20with%20the%20same%20results.%20Identical%20issue%20as%20this%20post%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fanswers.microsoft.com%2Fen-us%2Fmsoffice%2Fforum%2Fall%2Fmicrosoft-office-losing-ntfs-permissions-and%2Fe81d342f-9748-4252-9390-957d63adb01f%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fanswers.microsoft.com%2Fen-us%2Fmsoffice%2Fforum%2Fall%2Fmicrosoft-office-losing-ntfs-permissions-and%2Fe81d342f-9748-4252-9390-957d63adb01f%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20thoughts%2C%20or%20ideas%20are%20welcome....%20thanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1214745%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1336574%22%20slang%3D%22en-US%22%3ERe%3A%20File%20ownership%20and%20NTFS%20permissions%20removed%20from%20Office%20documents%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1336574%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F576360%22%20target%3D%22_blank%22%3E%40Jason1880%3C%2FA%3E%26nbsp%3B%20Anyone%20find%20an%20answer%20to%20this%3F%20we%20seem%20to%20have%20a%20very%20similar%20issue.%20For%20us%20it%20is%20Domain%20Joined%20computers%20but%20over%20a%20VPN%20connection.%20Same%20results.%20New%20save%20is%20good%2C%20any%20additional%20save%20appears%20to%20remove%20the%20ownership%20permissions%20and%20the%20file%20goes%20poof%20to%20the%20user.%20Admin%20h%20as%20to%20add%20the%20ownership%20back%20in.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1495963%22%20slang%3D%22en-US%22%3ERe%3A%20File%20ownership%20and%20NTFS%20permissions%20removed%20from%20Office%20documents%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1495963%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F576360%22%20target%3D%22_blank%22%3E%40Jason1880%3C%2FA%3E%26nbsp%3BWe%20were%20having%20the%20same%20issue%20on%20an%20old%202008%20R2%20FS%20cluster%20and%20now%20the%20issue%20is%20happening%20on%20new%20Server%202019%20File%20Server%20cluster%20as%20well.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1519559%22%20slang%3D%22en-US%22%3ERe%3A%20File%20ownership%20and%20NTFS%20permissions%20removed%20from%20Office%20documents%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1519559%22%20slang%3D%22en-US%22%3E%3CP%3Esame%20happening%20with%20us.%26nbsp%3B%20Started%20about%20a%20week%20ago.%26nbsp%3B%20These%20are%20files%20stored%20on%202008%20R2%20server%2C%20being%20accessed%20across%20VPN.%26nbsp%3B%20Have%20not%20verified%20if%20it%20is%20only%20affecting%20existing%20files%20that%20are%20opened%2C%20edited%20and%20then%20saved%2C%20or%20if%20it's%20affecting%20new%20files%20as%20well.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHard%20to%20test%20the%20VPN%20theory%20however%2C%20with%2099%25%20of%20the%20company%20working%20from%20home.%26nbsp%3B%20I%20may%20try%20to%20test%20using%20on-prem%20VM%20via%20RDP%20and%20see%20if%20I%20can%20replicate%20-%20or%20not.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EManually%20resetting%20owner%20is%20kind%20of%20a%20pain.%26nbsp%3B%20Simple%20reboot%20of%20the%20server%20did%20not%20help.%26nbsp%3B%20Was%20glad%20to%20see%20we%20are%20not%20alone!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1662194%22%20slang%3D%22en-US%22%3ERe%3A%20File%20ownership%20and%20NTFS%20permissions%20removed%20from%20Office%20documents%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1662194%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F636269%22%20target%3D%22_blank%22%3E%40jrvandy%3C%2FA%3E%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F576360%22%20target%3D%22_blank%22%3E%40Jason1880%3C%2FA%3E%26nbsp%3BTry%20running%20this%20elevated%20powershell.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESet-MpPreference%20-DisableScanningNetworkFiles%20%24true%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Elmk%20if%20it%20fixes%20for%20you.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1724678%22%20slang%3D%22en-US%22%3ERe%3A%20File%20ownership%20and%20NTFS%20permissions%20removed%20from%20Office%20documents%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1724678%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F576360%22%20target%3D%22_blank%22%3E%40Jason1880%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F576360%22%20target%3D%22_blank%22%3E%40Jason1880%3C%2FA%3E%26nbsp%3BNot%20sure%20if%20any%20answer%20to%20this%20%3F%20I%20have%20also%20started%20to%20experience%20this%20with%20a%20User%20in%20the%20past%20week.%20Driving%20me%20nuts%20Excel%20file%20It%20is%20a%20Home%20user%20though%20over%20VPN.%20Odd%20thing%20is%20we%20have%205%20other%20members%20of%20same%20team%20with%20same%20corporate%20build%20on%20laptop%20i.e.%20Same%20version%20of%20windows%20and%20office%20all%20working%20remote%20accessing%20the%20same%20file%20share%20but%20just%20the%20one%20user%20experiencing%20the%20permissions%20on%20the%20file%20vanishing.%26nbsp%3B%20it%20saves%20the%20file%20just%20no%20credentials%20against%20it%20remain%20not%20even%20Admin%20total%20blank%20sheet%20I%20have%20to%20take%20ownership%20of%20it%20and%20re-pull%2Fpush%20the%20top%20folder%20permissions.%20This%20is%20Server%202012.%26nbsp%3B%20Win10%20Laptop%20Build%201909%20enterprise.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2127784%22%20slang%3D%22es-ES%22%3ERe%3A%20File%20ownership%20and%20NTFS%20permissions%20removed%20from%20Office%20documents%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2127784%22%20slang%3D%22es-ES%22%3E%3CP%3EHello%20everyone%2C%3C%2FP%3E%3CP%3EIn%20our%20organization%20we%20have%20encountered%20this%20problem%20a%20few%20weeks%20ago%20only%20with%20domain%20users%2C%20not%20with%20local%20users.%3C%2FP%3E%3CP%3EHas%20anyone%20found%20a%20solution%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2127794%22%20slang%3D%22es-ES%22%3ERe%3A%20File%20ownership%20and%20NTFS%20permissions%20removed%20from%20Office%20documents%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2127794%22%20slang%3D%22es-ES%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F813408%22%20target%3D%22_blank%22%3E%40PMMeasures%2C%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHello%20everyone%2C%3C%2FP%3E%3CP%3EIn%20our%20organization%20we%20have%20encountered%20this%20problem%20a%20few%20weeks%20ago%20only%20with%20domain%20users%2C%20not%20with%20local%20users.%3C%2FP%3E%3CP%3EHas%20anyone%20found%20a%20solution%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Frequent Visitor

Have a good one here. We have some non-domain computers accessing a share on a domain file server. There is a firewall that is allowing 445/SMB for drive mappings via AD authentication. Users are able to create a word or excel document just fine, but when that very same document is opened for editing and then saved, the file (from the users perspective) disappears. But what is really happening is the ownership and ntfs permissions are being removed. I go back in and fix ownership, add an entry in the permissions area and boom, all inherited permissions show up as normal. This is only happening to Office documents, txt files etc are able to be created, opened, edited, and saved with no issues. We've tried mapping the drive as different users, different group memberships, and with full permissions, with the same results. Identical issue as this post https://answers.microsoft.com/en-us/msoffice/forum/all/microsoft-office-losing-ntfs-permissions-and/...

 

Any thoughts, or ideas are welcome.... thanks!

16 Replies

@Jason1880  Anyone find an answer to this? we seem to have a very similar issue. For us it is Domain Joined computers but over a VPN connection. Same results. New save is good, any additional save appears to remove the ownership permissions and the file goes poof to the user. Admin h as to add the ownership back in. 

@Jason1880 We were having the same issue on an old 2008 R2 FS cluster and now the issue is happening on new Server 2019 File Server cluster as well.

same happening with us.  Started about a week ago.  These are files stored on 2008 R2 server, being accessed across VPN.  Have not verified if it is only affecting existing files that are opened, edited and then saved, or if it's affecting new files as well.  

 

Hard to test the VPN theory however, with 99% of the company working from home.  I may try to test using on-prem VM via RDP and see if I can replicate - or not. 

 

Manually resetting owner is kind of a pain.  Simple reboot of the server did not help.  Was glad to see we are not alone!

@jrvandy  @Jason1880 Try running this elevated powershell. 

 

Set-MpPreference -DisableScanningNetworkFiles $true

 

lmk if it fixes for you.

@Jason1880 

@Jason1880 Not sure if any answer to this ? I have also started to experience this with a User in the past week. Driving me nuts Excel file It is a Home user though over VPN. Odd thing is we have 5 other members of same team with same corporate build on laptop i.e. Same version of windows and office all working remote accessing the same file share but just the one user experiencing the permissions on the file vanishing.  it saves the file just no credentials against it remain not even Admin total blank sheet I have to take ownership of it and re-pull/push the top folder permissions. This is Server 2012.  Win10 Laptop Build 1909 enterprise.

@PMMeasures ,

 

Hello everyone,

In our organization we have encountered this problem a few weeks ago only with domain users, not with local users.

Has anyone found a solution?

We continue to see this happen to individual users. We resolved it by closing down all office products and then reinstall Office 365 from the portal. The permission are only missing from Word & Excel files. I re-apply permissions on the impacted files and the installation of office fixes all future issues. We are a large organization and see this happen a few times. Almost like a Windows/Office update breaks the NTFS permissions for Office files.
We are also seeing this issue in a NTFS / Samba share environment, we had this occur on our old 2008 R2 servers and then at the same time it started to also occur on our newly built 2016 servers. We have had these shares/clusters for years and from my gut feeling it seems to have only occured since moving away from another AV product and over to defender.

We have an open case and also tried this command as suggested further up "Set-MpPreference -DisableScanningNetworkFiles $true" and unfortunately it didn't make any / much difference. For us this does not only affect office (word/excel/powerpoint) files it also affects pdf's.

Anyone else have any info on this?

@daveyl007  did you run the command on the client workstations?

@metzo well its all been deployed via a GPO and SCCM. So I can only guess the setting has replicated out to all client machines.

I know the machines we did check and we could indeed see the setting being applied.

 

you could have your tech reference case number 120083126003104, perhaps that may help in some way needed
Great thanks @metzo will get on to them now with that case number.

Thanks
Any solution for this issue?
Hi none as yet. Its still being troubleshooted by Microsoft and us internally.

Once the issue has been resolved or a suggestion of what is causing it I will post back here.

As per earlier post which was posted by someone else Microsoft do say this option should be set :

Set-MpPreference -DisableScanningNetworkFiles $true

Thanks
Dave

@daveyl007  Thanks Dave. Please do post once you get the solution.I am also facing this issue.

 

whether this command has to be run on all client machine and in file server?

@daveyl007 

 

Have you found a solution for this yet?