Troubleshooting Red X on Domain User Icons in Windows Server 2008 R2 Folder Permissions


9 views

When examining folder permissions on a Windows Server 2008 R2 file server, you might notice a peculiar red X overlay on domain user icons in the Security tab. This visual indicator appears specifically when viewing permissions directly on the server, but disappears when checking the same folder from a workstation.

The red X typically indicates one of several potential states in Windows permission systems:

// Example of checking permission states programmatically
using System.Security.AccessControl;
using System.IO;

public void CheckPermissionState(string folderPath, string user)
{
    DirectorySecurity dirSec = Directory.GetAccessControl(folderPath);
    foreach (FileSystemAccessRule rule in dirSec.GetAccessRules(true, true, typeof(NTAccount)))
    {
        if (rule.IdentityReference.Value.Contains(user))
        {
            Console.WriteLine($"User: {rule.IdentityReference}");
            Console.WriteLine($"Access: {rule.FileSystemRights}");
            Console.WriteLine($"Inheritance: {rule.InheritanceFlags}");
            Console.WriteLine($"Propagation: {rule.PropagationFlags}");
        }
    }
}

The red X usually appears in these scenarios:

  • The user account exists in the ACL but cannot be resolved by the server
  • Permission inheritance is broken at some level
  • The security database has minor corruption

Here's a script to verify and potentially fix the issue:

# Check folder permissions with PowerShell
$folderPath = "C:\SharedFolder"
$acl = Get-Acl $folderPath

# Display all access rules
$acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize

# Reapply permissions (may resolve the red X)
$acl.SetAccessRuleProtection($false, $true)
Set-Acl -Path $folderPath -AclObject $acl

For persistent cases, try these steps:

  1. Run chkdsk on the system drive
  2. Check Event Viewer for security-related errors
  3. Verify Active Directory replication status
  4. Clear the icon cache on the server

In some cases, modifying the icon cache settings can help:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"Max Cached Icons"="2000"
"IconCacheSize"=dword:00002000

Remember to restart the server after making registry changes.

When managing shared folders on a Windows Server 2008 R2 file server, you might notice a peculiar red X mark on user objects in the Security tab. This visual indicator appears specifically on the user icon (the "single man" icon) in the permission entries list, despite users having full access and experiencing no functional issues.

An important observation is that this red X only appears when viewing permissions directly on the file server. When checking the same folder's permissions from a workstation, the icon appears normal. This suggests the issue is server-side and related to how the server resolves or displays user objects.

The red X typically indicates one of these scenarios:

  • The user object couldn't be fully resolved from Active Directory
  • A temporary display glitch in the server's security UI
  • Permission inheritance issues at the server level
  • Cached credentials needing refresh

You can check if the user objects are properly resolved using PowerShell:

# Check user resolution status
Get-Acl "C:\SharedFolder" | Select-Object -ExpandProperty Access | 
Where-Object { $_.IdentityReference -like "*username*" } | 
Format-List *

Sometimes simply refreshing the security information can help:

# Refresh security information
$acl = Get-Acl "C:\SharedFolder"
Set-Acl "C:\SharedFolder" $acl

For a more reliable view of permissions without the red X artifacts, consider these alternatives:

# Using icacls command
icacls "C:\SharedFolder" /t /c

# Using PowerShell for detailed output
(Get-Acl "C:\SharedFolder").Access | 
Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited | 
Format-Table -AutoSize

While the red X is usually cosmetic, you should investigate further if you notice:

  • Actual permission failures
  • Users being unable to access resources
  • Security auditing failures

On Windows Server 2008 R2, this behavior might be more prevalent due to:

  • Older security subsystem implementation
  • Different icon rendering in server OS
  • Delayed AD replication states