JSI Tip 1495. Error: The inherited ACL or the ACE could not be built.

Jerold Schulman

July 30, 1999

1 Min Read
ITPro Today logo

When attemping to add a new folder, if you receive:

Unable to create the folder New Folder. The inherited access control list (ACL) or the access control entry (ACE) could not be built.

you probably have exceeded the 64KB buffer size that an Access Control List (ACL) uses. The size of an Access Control Entry (ACE) varies, so the number of ACEs in an ACL has no fixed limit, but since 2 sets of ACEs need to be created (inheritance), the real limit is 32KB.

It is very unusual to require such a complex security schema. Chances are you have lots of redundancy. In any case, you havetwo possible workarounds:

1. Remove ACEs from the parent folder. Once you have removed enough entires, new sub-folders can be created.

2. Create the sub folder in some other directory on the same drive. Then move it to the parent folder. Set permissions on the sub-folder.

NOTE: The Windows NT security model relies the nesting of global groups within local groups. If you have more than a few hundred ACEs, you should review the way your are setting permissions. Excessive ACEs would also account for the majority of resources used to open a file.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like