Permissions on User Directory - Access Denied
I have a very strange situation. On my Win2k DC, all the user directories are stored under the share 'Home' \ username . everything was fine till last week when a user reported that he cannot do anything other then view in his personal folder. Something weired has happend, all the permissions seem to be fine, i even looked via CACLS and the user has permissions, but they cannot do anyting, modify or write, all they can do is read. if i create a new folder outside of 'home' eveything this fine, but all the user directories under home cannot be accessed for modification except for the domain admins, does anyone have any suggestions or seen this problem before, please let me know.
Thanks!
Thanks!
Sounds like someone did an apply to all subdirectories when they created a directory higher than where you are and gave it Read Only permissions. You might just end up have to re-permission everyone now.
what are the permissions on the "Home" directory? Have you changed something there and then had it propogate down?
dawne :)
dawne :)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for all your comments guys, I figured out the problem, either me or the other admin took off the 'full' and 'change' permission under the 'Share Permissions' and i think this was trickling down, users can modify within their directories after i checked the full and change options. I will split up the point.
I will add bonus point to anyone of you who can assist me with what the standard permissions hierarchy should be on shared user directories on a LAN. And the proper way of doing it. Currently I have the Domain Admin and the user access to the folder, I have taken out everything else, thanks for you help in advance.
Z
I will add bonus point to anyone of you who can assist me with what the standard permissions hierarchy should be on shared user directories on a LAN. And the proper way of doing it. Currently I have the Domain Admin and the user access to the folder, I have taken out everything else, thanks for you help in advance.
Z
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
If everyone has full control then everyone else will be getting into everyone elses folders, i don't want the janitors reading the strategic plans.
Thanks
Thanks
If the folders are properly secured with NTFS Permissions, nobody will get to any data they are not allowed to get to. Adding the Share Permission level of "security" only unneccessarily complicates things.
If you have a folder and the Share Permissions are Everyone - Full Control, and the NTFS Permissions are Administrator - Full Control (no other entries in Security), ONLY the Administrator account will get in the folder.
If you have a folder and the Share Permissions are Everyone - Full Control, and the NTFS Permissions are Administrator - Full Control (no other entries in Security), ONLY the Administrator account will get in the folder.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
pcbrat...
that will work if all of your client PCs are win2k or XP. Pre-2k cannot map to a folder under a share, only directly to the share.
that will work if all of your client PCs are win2k or XP. Pre-2k cannot map to a folder under a share, only directly to the share.
you are right....and I am...(all win2k/xp)..
:)
:)
ASKER
Thanks for all the tips. Dawn, your tip was helpful, it is the most basic thing as a net admin you should know which i overlooked, i had my user directories open, I will implement the hidden share on it immediately. The share permission will be everyone 'FCR' and the NTFS on each individual user folder would be that user full control and the domain admins full control and nothing else.
I really appreciate all the comments and suggestions.
Thanks to all.
I really appreciate all the comments and suggestions.
Thanks to all.
Your welcome....and glad to know we couls help....sometimes even the best of us overlook the simple things....thats why we have places like EE to help other IT people out there!
got each others back as they say :)
got each others back as they say :)
take over the ownership of the directory and then grant the user access again.
sometimes you have to do this 2 times to get the problem fixed