Solved

Netware Migration - File Permissions

Posted on 1997-03-13
6
335 Views
Last Modified: 2013-12-19
We are converting users and files from a Netware 3.11 server to a WIndows NT 4.0 domain.  We have installed FPNW on the NT side and are using the migration tool to bring over accounts and files.  The migration tool successfully brings across the users, groups, and files.  Our problem deals with permissions on files after they have been brought over to the NT Server.  More specifically, permissions when a netware compatible user accesses files residing on NT.  

Our directory structure looks like this:
C:\SYSVOL\USERS\EMPNBR\user1  (user1 has Full Control)
                      \user2  (user2 has Full Control)  etc.
We need to set permissions so that the group EVERYONE does not have access to the "user1,user2" directories.  Only individual users should have access to these home directories.  We have experienced a problem when removing the EVERYONE groups permissions from these user directories.  The user no longer has access from DOS 6.22 clients, and Windows 3.1 or Win 95 clients shelled to DOS.  We can actually see these directories when using File Manager or Explorer (logged on as the individual user account).  We can even edit and save changes to the files through File Manager or Explorer.  However, we are unable to assign a drive through DOS to these directories.  We also cannot change to these directories while in DOS even though we can see them with the DIR command.  

This creates a major problem as our Netware clients (the majority of which run Win 3.1) must map drives to the server during the login process.  At this point, unless we give the group EVERYONE some kind of access to these user directories, we are unable to make these connections.  Of course this is not acceptable since we must segregate user files from each other for obvious security reasons.

Anyone have any thoughts on this?
0
Comment
Question by:sjohnso4
  • 3
  • 3
6 Comments
 

Expert Comment

by:jgibson030797
ID: 1559394
Sounds like you are still thinking "Novell"..

You didn't say what the share is for the Users directory. It should be something like \\NTSERVER\USERS or maybe in your case \\NTSERVER\EMPNBR. Regardless, the share should have everyone with Full Control.

 As far as file permissions go, the users directory ( or EMPNBR ) should be List(RX)(Not specified). This will prevent users making new and unwanted directories in the Users directory.

The individual directorys like User1, User2, etc. should have the file permissions set for that user with full control.

Users should map to the \\NTSERVER\Users  ( or EMPNBR ) share. All of the users directories will be listed in the share.

0
 

Author Comment

by:sjohnso4
ID: 1559395
Maybe I didn't explain correctly.  Everyone does have full control at all levels except for the individual user directories.  The individual directories have access rights for those users only.  When set like that, users cannot see their own directory when shelled to DOS (Win 3.1).  However they can view them in File Manager.  They also cannot assign drives in their migrated Netware login script for this same reason.  

In other words, unless everyone is given some kind of permission on the individual users directory, a DOS user will not see his files (or assign a drive).  

If we assign the drive share one level higher (at the "home drives" share, it will assign successfully because everyone has full control.  However, after that assignment they cannot change to their own directory (where everyone is not given permission).  Obviously opening up the user directories to everyone is a bit of a problem.
0
 

Expert Comment

by:jgibson030797
ID: 1559396
What exactly is the share name that the users are connecting to? ei. \\SERVERNAME\SHARENAME

Are you using file compression on these directories?

Also what network client are you using?


0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 

Author Comment

by:sjohnso4
ID: 1559397
Users are connecting from three different client types:
 - Win 3.1 Novell
 - Win 95 using MS Client for Novell
 - Win NT machines running client service for netware

We have connected to both the root of the "home" directories (EMPNBR to be exact) and also to the user directories themselves.  This is under a FPNW SYSVOL share with Netware clients connecting so the rules are a little different.

Both NT machines connect with no problem using client for Netware (files can be accessed through Explorer or at the command prompt).  

The Win 95 and Win 3.1 machines can see the appropriate directory when using File Manager/Explorer.  However, when shelled to DOS they cannot change into the directory.  Its as if the directory does not exist even though you can do a DIR and see it.  To make things worse, they cannot assign a drive to anything on the FPNW SYSVOL unless EVERYONE has some kind of permission.  

With EVERYONE given LIST permission or better, we have succesfully connected to the \\server\home and \\server\home\user levels and changed to those directories in File Manager, Explorer, and DOS command prompt from all clients.

Thanks for your advice.... we appreciate the help
0
 

Accepted Solution

by:
jgibson030797 earned 100 total points
ID: 1559398
Glad I could be of some assistance..
0
 

Author Comment

by:sjohnso4
ID: 1559399
Users are connecting from three different client types:
 - Win 3.1 Novell
 - Win 95 using MS Client for Novell
 - Win NT machines running client service for netware

We have connected to both the root of the "home" directories (EMPNBR to be exact) and also to the user directories themselves.  This is under a FPNW SYSVOL share with Netware clients connecting so the rules are a little different.

Both NT machines connect with no problem using client for Netware (files can be accessed through Explorer or at the command prompt).  

The Win 95 and Win 3.1 machines can see the appropriate directory when using File Manager/Explorer.  However, when shelled to DOS they cannot change into the directory.  Its as if the directory does not exist even though you can do a DIR and see it.  To make things worse, they cannot assign a drive to anything on the FPNW SYSVOL unless EVERYONE has some kind of permission.  

With EVERYONE given LIST permission or better, we have succesfully connected to the \\server\home and \\server\home\user levels and changed to those directories in File Manager, Explorer, and DOS command prompt from all clients.

Thanks for your advice.... we appreciate the help
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question