TIP: Workaround for Mavericks ACL permission bug

Jared Hendrickson followed up his report from yesterday about Mavericks breaking ACL permissions of shared folders in Active Directory. Unbinding the Macs from Active Directory was the only way to prevent corruption of permissions. Today, he reports a new workaround that allows the Macs to remain bound.

Hendrickson previously reported (and Apple seemed to confirm) that with OS X 10.9.0 and 10.9.1, merely viewing the permissions of a folder from a Mac's Get Info window would change the ACL permissions. Hendrickson confirmed that 10.9.2 fixed this, but found that modifying ACL permissions from a Mac with OS X 10.9.2 corrupted the permissions, preventing even Windows users from accessing the shares. Here's the new fix he came up with today:

For an update to my previous comment, we have gone through and done thorough testing this morning to find a sure-fire way to prevent our own machines from altering permissions, outside of unbinding the Macs from AD.

In OS X 10.9.2 and 10.8.5, it appears that the filer ACL that needs to be removed to prevent this is a user's permission to "Change Permissions." This effectively also means the user/group would not have "Full Control" either, but it prevents users from altering inheritance for any user - as it should. In our environment, this is acceptable, as we want our IT personnel to manage user group access to shares, not the users themselves. But that may not be the case for all.

Here's the "protective" ACL screen shot:
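
To check which entries on a share still grant "Change Permissions," this added example (not part of Hendrickson's report or the original page) reads the text output of Windows' `icacls` for one folder and lists trustees whose allow entries include `F` (Full control) or `WDAC` (write DAC, the right the Windows dialog labels "Change permissions"). The share path, domain and group names are constructed, and it assumes the folder's ACL can be listed with `icacls` from a Windows host.

```python
import re

# icacls right codes that let a trustee rewrite the ACL: F (full control)
# includes WDAC (write DAC), shown in the Windows UI as "Change permissions".
CAN_REWRITE_ACL = {"F", "WDAC"}
NOT_RIGHTS = {"OI", "CI", "IO", "NP", "I", "DENY"}  # inheritance flags, deny marker
ACE_RE = re.compile(r"^(.+?):((?:\([^()]*\))+)$")

# Constructed sample of icacls output for one folder (not from the page).
SAMPLE_PATH = r"D:\Shares\Projects"
SAMPLE = r"""D:\Shares\Projects BUILTIN\Administrators:(OI)(CI)(F)
                   EXAMPLE\IT-Admins:(OI)(CI)(F)
                   EXAMPLE\Designers:(OI)(CI)(F)
                   EXAMPLE\Editors:(OI)(CI)(M)
                   EXAMPLE\Interns:(OI)(CI)(RX,W,WDAC)
                   EXAMPLE\Contractors:(DENY)(WDAC)

Successfully processed 1 files; Failed processing 0 files
"""

def parse_ace(text):
    """Split 'TRUSTEE:(flag)(rights)' into (trustee, is_deny, rights)."""
    m = ACE_RE.match(text.strip())
    if not m:
        return None
    groups = re.findall(r"\(([^()]*)\)", m.group(2))
    rights = set()
    for g in groups:
        if g.upper() not in NOT_RIGHTS:
            rights.update(r.strip().upper() for r in g.split(","))
    return m.group(1), "DENY" in groups, rights

def trustees_who_can_change_permissions(path, icacls_output, expected=()):
    """Return trustees outside `expected` holding an allow ACE with F or WDAC."""
    expected = {t.lower() for t in expected}
    found = []
    for line in icacls_output.splitlines():
        if line.startswith(path):      # first ACE shares a line with the path
            line = line[len(path):]
        ace = parse_ace(line)
        if ace is None:
            continue                   # blank line or the summary line
        trustee, is_deny, rights = ace
        if not is_deny and rights & CAN_REWRITE_ACL and trustee.lower() not in expected:
            found.append(trustee)
    return found

if __name__ == "__main__":
    admins = [r"BUILTIN\Administrators", r"EXAMPLE\IT-Admins"]
    print(trustees_who_can_change_permissions(SAMPLE_PATH, SAMPLE, admins))
```

Trustees listed in `expected` (here the IT groups that are meant to manage access) are skipped, and deny entries are ignored because they remove the right rather than grant it.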

