Solved

Netware Migration - File Permissions

Posted on 1997-03-13
Last Modified: 2013-12-19
We are converting users and files from a Netware 3.11 server to a Windows NT 4.0 domain. We have installed FPNW on the NT side and are using the migration tool to bring over accounts and files. The migration tool successfully brings across the users, groups, and files. Our problem deals with permissions on files after they have been brought over to the NT Server. More specifically, permissions when a netware compatible user accesses files residing on NT.

Our directory structure looks like this:
C:\SYSVOL\USERS\EMPNBR\user1  (user1 has Full Control)
                      \user2  (user2 has Full Control)  etc.
We need to set permissions so that the group EVERYONE does not have access to the "user1,user2" directories. Only individual users should have access to these home directories. We have experienced a problem when removing the EVERYONE group's permissions from these user directories. The user no longer has access from DOS 6.22 clients, and Windows 3.1 or Win 95 clients shelled to DOS. We can actually see these directories when using File Manager or Explorer (logged on as the individual user account). We can even edit and save changes to the files through File Manager or Explorer. However, we are unable to assign a drive through DOS to these directories. We also cannot change to these directories while in DOS even though we can see them with the DIR command.

This creates a major problem as our Netware clients (the majority of which run Win 3.1) must map drives to the server during the login process.  At this point, unless we give the group EVERYONE some kind of access to these user directories, we are unable to make these connections.  Of course this is not acceptable since we must segregate user files from each other for obvious security reasons.

Anyone have any thoughts on this?
0
Question by:sjohnso4

Expert Comment

by:jgibson030797
ID: 1559394
Sounds like you are still thinking "Novell"..

You didn't say what the share is for the Users directory. It should be something like \\NTSERVER\USERS or maybe in your case \\NTSERVER\EMPNBR. Regardless, the share should have everyone with Full Control.

 As far as file permissions go, the users directory ( or EMPNBR ) should be List(RX)(Not specified). This will prevent users making new and unwanted directories in the Users directory.

The individual directories like User1, User2, etc. should have the file permissions set for that user with full control.

Users should map to the \\NTSERVER\Users  ( or EMPNBR ) share. All of the users directories will be listed in the share.

0
 

Author Comment

by:sjohnso4
ID: 1559395
Maybe I didn't explain correctly.  Everyone does have full control at all levels except for the individual user directories.  The individual directories have access rights for those users only.  When set like that, users cannot see their own directory when shelled to DOS (Win 3.1).  However they can view them in File Manager.  They also cannot assign drives in their migrated Netware login script for this same reason.  

In other words, unless everyone is given some kind of permission on the individual user's directory, a DOS user will not see his files (or assign a drive).

If we assign the drive share one level higher (at the "home drives" share), it will assign successfully because everyone has full control. However, after that assignment they cannot change to their own directory (where everyone is not given permission). Obviously opening up the user directories to everyone is a bit of a problem.
0
 

Expert Comment

by:jgibson030797
ID: 1559396
What exactly is the share name that the users are connecting to? i.e. \\SERVERNAME\SHARENAME

Are you using file compression on these directories?

Also what network client are you using?


0

Author Comment

by:sjohnso4
ID: 1559397
Users are connecting from three different client types:
 - Win 3.1 Novell
 - Win 95 using MS Client for Novell
 - Win NT machines running client service for netware

We have connected to both the root of the "home" directories (EMPNBR to be exact) and also to the user directories themselves.  This is under a FPNW SYSVOL share with Netware clients connecting so the rules are a little different.

Both NT machines connect with no problem using client for Netware (files can be accessed through Explorer or at the command prompt).  

The Win 95 and Win 3.1 machines can see the appropriate directory when using File Manager/Explorer. However, when shelled to DOS they cannot change into the directory. It's as if the directory does not exist even though you can do a DIR and see it. To make things worse, they cannot assign a drive to anything on the FPNW SYSVOL unless EVERYONE has some kind of permission.

With EVERYONE given LIST permission or better, we have successfully connected to the \\server\home and \\server\home\user levels and changed to those directories in File Manager, Explorer, and DOS command prompt from all clients.

Thanks for your advice.... we appreciate the help
0
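
Editor's added example, not part of any post in this thread: a small audit that reads an ACL listing for the EMPNBR home directories and reports every directory where someone other than the owner still has access, such as the EVERYONE entry the workaround above leaves in place. The listing is a constructed sample in the general shape of `cacls` output; the assumptions are that each directory is named after its user account, that paths contain no spaces, and that the `ADMINS` set names the accounts allowed on every home directory.

```python
import re

# Constructed sample (not from the poster's server): path plus first ACE,
# further ACEs on indented continuation lines. Rights: N, R, W, C(hange), F(ull).
SAMPLE = r"""
C:\SYSVOL\USERS\EMPNBR\user1 Everyone:(OI)(CI)R
                             DOMAIN\user1:(OI)(CI)F
C:\SYSVOL\USERS\EMPNBR\user2 DOMAIN\user2:(OI)(CI)F
                             BUILTIN\Administrators:(OI)(CI)F
C:\SYSVOL\USERS\EMPNBR\user3 Everyone:(OI)(CI)F
                             DOMAIN\user3:(OI)(CI)C
"""

# principal : optional inheritance flags : single right letter
ACE = re.compile(r"^(.+):((?:\([A-Z]+\))*)([NRWCF])$")
ADMINS = {"administrators", "system"}  # assumption: allowed on every home dir


def parse_cacls(text):
    """Return {path: [(principal_without_domain, right), ...]}."""
    acls, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # new path starts in column 0
            current, _, line = line.partition(" ")
            acls[current] = []
        m = ACE.match(line.strip())
        if m and current:
            who = m.group(1).split("\\")[-1].lower()
            acls[current].append((who, m.group(3)))
    return acls


def audit_homes(acls):
    """Return {home_dir: [finding, ...]} for dirs not restricted to their owner."""
    findings = {}
    for path, aces in acls.items():
        owner = path.rsplit("\\", 1)[-1].lower()   # dir name == account name
        problems = []
        if dict(aces).get(owner) != "F":
            problems.append("owner lacks Full Control")
        for who, right in aces:
            if who != owner and who not in ADMINS and right != "N":
                problems.append(f"{who} has {right}")
        if problems:
            findings[owner] = problems
    return findings
```

Running `audit_homes(parse_cacls(SAMPLE))` flags user1 and user3 and leaves user2 out of the report.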
 

Accepted Solution

by:
jgibson030797 earned 100 total points
ID: 1559398
Glad I could be of some assistance..
0
 
