Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Individual user folder share access

Posted on 2005-03-03
9
Medium Priority
?
263 Views
Last Modified: 2010-03-18
Hello, running w2k3 server, active directory.  

i have a folder "mktsupt" with 30 users in it, the way it was configured anyone can get into another employees folder and change things which is bad.  I tried removing the everyone group and adding the specific user but when i test it theres no way in.

i'm basically looking for a way withing a central diretory to only allow MikeS to get into MikeS's folder and change it.

thanks.
matt
0
Comment
Question by:dosle
9 Comments
 
LVL 7

Expert Comment

by:blin2000
ID: 13451155
you need to do that in sharing tab and security tab.
0
 
LVL 15

Accepted Solution

by:
Joseph Hornsey earned 1000 total points
ID: 13452072
Matt,

Here are my assumptions:

1. You've shared "mktsupt" out to the network
2. Users are using these as 'home folders'; i.e., they're using their folders to store their own stuff.

Here's what I would do:

1. Create a new folder and share it out.  On  both the share and on NTFS, remove Everyone and add Domain Users and give Domain Users the Full Control permission.
2. Go into Active Directory Users and Computers and open one of the accounts.
3. Click on the "Profiles" tab and under the "Home Folders" section, select "Connect" and a drive letter and in the "To" box, put in \\servername\share\%username% where 'servername' is the name of the server and 'share' is the name of the share that you just created.  The '%username%' is a variable and should be typed in exaclty as I wrote it in the path.

Active Directory will automatically create a folder for the user and assign the appropriate permissions.  The next time the user logs in, they'll have a mapped drive letter pointing to this folder and they won't be able to get into anyone else's folder.  Then, start moving files from the 'mktsupt' folder into each user's home folder.

<-=+=->
0
 
LVL 3

Expert Comment

by:scomo1026
ID: 13452203
I agree with Splinter's design 100%.  I would recommend in step one that instead of giving doamin users full control that you give them change permissions and also add the domain admin group at full control.  Micrososft always recommends never giving more permissions than neccessary (this was also a question on one of the mcse tests).
0
Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

 
LVL 1

Author Comment

by:dosle
ID: 13453834
thanks splinter i just tested that myself and it works great.  now to think up something for the local log-on users.
0
 
LVL 1

Author Comment

by:dosle
ID: 13459621
last night i made changes so a few users have this home folder setup with a mapped drive.  now if i bypass the mapped drive by going from network neighborhood to the other peoples home folders i can get in, add/del folders, change whatever.  Is there a certain permissions trick i need to apply to the root user folder?
0
 
LVL 15

Expert Comment

by:Joseph Hornsey
ID: 13459887
Is the volume an NTFS volume?
0
 
LVL 15

Expert Comment

by:Joseph Hornsey
ID: 13459911
... in continuation....

It sounds like an NTFS permissions problem.  Right-click on each folder and clear the check box for inheritance; when the pop-up comes up asking you to copy, remove or cancel, select copy.  Then remove the Domain Users from the list of permissions.

I'm not sure if this is the problem...

<-=+=->
0
 
LVL 1

Author Comment

by:dosle
ID: 13460066
yes, its an ntfs vol.  i tried clearing inheritance and that didn't seem to do anything...  the users in the security tab are 'administrators' 'creatot owner' 'johndoeuser(johndoeuser@inside.domain.com' 'SYSTEM' 'users'
0
 
LVL 15

Expert Comment

by:Joseph Hornsey
ID: 13460208
You need to remove the "Users" group from each folder.  To do this:

1. In Explorer, right-click on the folder and go to "Properties"
2. Click on the "Security" tab and clear the "Allow inheritable permissions from the parent to propogate to this object" check box
3. In the window that pops up, select "Copy"
4. Select "Users" from the list of users and groups and click "Remove"
5. Click on the "Advanced" button
6. Put a check in the "Reset permissions on all child objects and enable propogation of inheritable permissions" check box
7. Click "OK"
8. Click "OK"

Remember that when you modify permisisons on a shared folder (whether you modify share or NTFS permissions) you'll need to get the users to log off and log back on again in order for them to receive (or lose) the new permissions.

<-=+=->
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
The Relationships Diagram is a good way to get an overall view of what a database is keeping track of. It is also where relationships are defined. A relationship specifies how two tables connect to each other. As you build tables in Microsoft Ac…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question