Changed folder permissions

["Barros, Jacob" <jkbarros () GRACE EDU>]

We recently discovered that about 80% of the permissions on our student
network storage folders were changed... Almost like they were reset.  My
first instinct was to check with everyone in the department that had
access to those files but no one seems to have touched them.
Unfortunately we don't have auditing enabled on this drive... Yet.

Background info:  This is a Windows 2000 (sp4 and updated patches)
member server in an AD environment.  We created a share
(\\servername\users) with default share permissions but NTFS permissions
where Domain Admins, Local Administrators and our department's global
group all have full control.  The everyone group has read access to the
top level folder and each student has modify permissions to his/her
respective folder.    

Permissions have been changed somehow to where Domain Admins and the
department GG still has full control and the everyone group has read
permissions.  However the local admin group is listed but has nothing
marked and the student account has been removed from each respective
folder's permissions.

Could a hacker have done this?  Anyone heard of a worm or virus that can
do something like this?  Or should I just further interrogate my staff?

ANY comments would be appreciated.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.