I've seen other questions similar but not quite the same.
Have a client that is seeing a message when trying to access files in a folder on a Windows server 2012 R2. This behavior is consistent for a specific folder. No other complaints for other files and folders.
"You require permission from Domain\xyzuser to make changes to this file."
The xyzuser name might change depending who has accessed it recently.
This only happens to one user.
On the root share, I reset permissions to Domain Users (someone had given Everyone Full Permissions) and removed all specific users assignments except the defaults (administrator, domain\administrator, domain\domain admins)
I removed Full Permissions on the subfolder for Everyone (just removed Everyone). I removed all user accounts that had Full permissions to that subfolder and assigned them to a user group and applied the group with all permissions Except Full permissions. But since this user group is a subset of Domain Users, it should be the same.
I re-enabled inheritance as all Domain Users are supposed to have read/write/modify.
I verified user is member of Domain Users.
This user still gets the same message on file access. Other users are fine and can manipulate files for her.
I see under Effective Access for the user, every permission allowed except Full, Change permissions and Take ownership.
File type is .xls. There is no ~$.* temporary office file (exposed system and hidden files to confirm).
There is no message in the user's Windows event logs.
Last thing - I saw the Owner is the XYZuser from above. Change owner of folder and files to Domain Admins, the issue is unchanged. User still cannot manipulate the file.
A colleague thought it was her local Windows profile. That has been rebuilt and the issue remains.
This kind of issue can happen to regular users as well, not only to system administrators, so, my answer is for general use.
In my experience, most often causes of this behavior are:
- malware activity.
Even with AV installed, one can do an offline scan (most AV's have this option). Also, an external AV boot disk would be a good idea. Many AV makers offer boot images that can be written on a CD/DVD or USB drive.
- disk errors.
For checking the disk for error, one could open a CMD with Admin permissions and execute command:
The system will prompt for offline scanning, the answer should be "Y". After restart, the system will scan for logical errors and bad clusters.
"C:" can be changed with the letter of the partition with problems.
Disabling UAC is not recommended.