Individual user folder share access

Posted on 2005-03-03
Medium Priority
Last Modified: 2010-03-18
Hello, running w2k3 server, active directory.  

I have a folder "mktsupt" with 30 users in it. The way it was configured, anyone can get into another employee's folder and change things, which is bad.  I tried removing the Everyone group and adding the specific user, but when I test it there's no way in.

I'm basically looking for a way within a central directory to only allow MikeS to get into MikeS's folder and change it.

Question by:dosle

Expert Comment

ID: 13451155
you need to do that in sharing tab and security tab.
LVL 14

Accepted Solution

Joseph Hornsey earned 1000 total points
ID: 13452072

Here are my assumptions:

1. You've shared "mktsupt" out to the network
2. Users are using these as 'home folders'; i.e., they're using their folders to store their own stuff.

Here's what I would do:

1. Create a new folder and share it out.  On both the share and on NTFS, remove Everyone and add Domain Users and give Domain Users the Full Control permission.
2. Go into Active Directory Users and Computers and open one of the accounts.
3. Click on the "Profiles" tab and under the "Home Folders" section, select "Connect" and a drive letter and in the "To" box, put in \\servername\share\%username% where 'servername' is the name of the server and 'share' is the name of the share that you just created.  The '%username%' is a variable and should be typed in exactly as I wrote it in the path.

Active Directory will automatically create a folder for the user and assign the appropriate permissions.  The next time the user logs in, they'll have a mapped drive letter pointing to this folder and they won't be able to get into anyone else's folder.  Then, start moving files from the 'mktsupt' folder into each user's home folder.


Expert Comment

ID: 13452203
I agree with Splinter's design 100%.  I would recommend in step one that instead of giving domain users full control that you give them change permissions and also add the domain admin group at full control.  Microsoft always recommends never giving more permissions than necessary (this was also a question on one of the MCSE tests).

Author Comment

ID: 13453834
thanks splinter i just tested that myself and it works great.  now to think up something for the local log-on users.

Author Comment

ID: 13459621
Last night I made changes so a few users have this home folder setup with a mapped drive.  Now if I bypass the mapped drive by going from Network Neighborhood to the other people's home folders I can get in, add/del folders, change whatever.  Is there a certain permissions trick I need to apply to the root user folder?
LVL 14

Expert Comment

by:Joseph Hornsey
ID: 13459887
Is the volume an NTFS volume?
LVL 14

Expert Comment

by:Joseph Hornsey
ID: 13459911
... in continuation....

It sounds like an NTFS permissions problem.  Right-click on each folder and clear the check box for inheritance; when the pop-up comes up asking you to copy, remove or cancel, select copy.  Then remove the Domain Users from the list of permissions.

I'm not sure if this is the problem...


Author Comment

ID: 13460066
Yes, it's an NTFS vol.  I tried clearing inheritance and that didn't seem to do anything...  The users in the security tab are 'administrators' 'creator owner' 'johndoeuser(johndoeuser@inside.domain.com)' 'SYSTEM' 'users'
LVL 14

Expert Comment

by:Joseph Hornsey
ID: 13460208
You need to remove the "Users" group from each folder.  To do this:

1. In Explorer, right-click on the folder and go to "Properties"
2. Click on the "Security" tab and clear the "Allow inheritable permissions from the parent to propagate to this object" check box
3. In the window that pops up, select "Copy"
4. Select "Users" from the list of users and groups and click "Remove"
5. Click on the "Advanced" button
6. Put a check in the "Reset permissions on all child objects and enable propagation of inheritable permissions" check box
7. Click "OK"
8. Click "OK"

Remember that when you modify permissions on a shared folder (whether you modify share or NTFS permissions) you'll need to get the users to log off and log back on again in order for them to receive (or lose) the new permissions.
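
The clean-up steps above, applied to the `%username%` home-folder layout from the accepted solution, can be checked across every folder at once. The following PowerShell is an added example, not part of the original thread; `D:\Home` and the convention that each folder is named after its user are assumptions, and `icacls` requires Windows Server 2003 SP2 or later.

```powershell
# Added example, not from the thread. $Root and the "folder name = username"
# convention are assumptions; run from an elevated prompt on the file server.
param(
    [string]$Root = 'D:\Home',   # hypothetical local path behind the share
    [switch]$Fix                 # without -Fix the script only reports
)

# Groups whose Allow entries let every user into a folder
$BroadPattern = '^Everyone$|\\(Users|Domain Users|Authenticated Users)$'

function Get-HomeFolderFinding {
    param([System.IO.DirectoryInfo]$Folder)
    $acl   = Get-Acl -Path $Folder.FullName
    $allow = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Allow' })
    $userPattern = '\\' + [regex]::Escape($Folder.Name) + '$'
    New-Object PSObject -Property @{
        Folder      = $Folder.FullName
        Inheriting  = -not $acl.AreAccessRulesProtected
        BroadGroups = @($allow | Where-Object { $_.IdentityReference.Value -match $BroadPattern } |
                        ForEach-Object { $_.IdentityReference.Value } | Select-Object -Unique)
        UserHasAce  = [bool]($allow | Where-Object { $_.IdentityReference.Value -match $userPattern })
    }
}

function Repair-HomeFolder {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $true)   # clear inheritance, keep a copy ("Copy")
    Set-Acl -Path $Path -AclObject $acl
    $acl = Get-Acl -Path $Path                   # copied entries are now explicit
    @($acl.Access | Where-Object { $_.IdentityReference.Value -match $BroadPattern }) |
        ForEach-Object { $acl.PurgeAccessRules($_.IdentityReference) }
    Set-Acl -Path $Path -AclObject $acl
    # Child objects go back to inheriting from this folder only
    icacls "$Path\*" /reset /T /C /Q 2>&1 | Out-Null
}

foreach ($dir in Get-ChildItem -Path $Root | Where-Object { $_.PSIsContainer }) {
    $f = Get-HomeFolderFinding $dir
    if ($Fix -and $f.BroadGroups.Count -gt 0) {
        # Only strip the broad groups when the folder's own user would still get in
        if ($f.UserHasAce) { Repair-HomeFolder $dir.FullName; $f = Get-HomeFolderFinding $dir }
        else { Write-Warning "$($dir.FullName): no entry for the folder's user, left unchanged" }
    }
    $f | Select-Object Folder, Inheriting, UserHasAce,
        @{ n = 'BroadGroups'; e = { $_.BroadGroups -join ', ' } }
}
```

Run it without `-Fix` first: any row with a non-empty `BroadGroups` column is a folder other users can still open by browsing to the share directly.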


Question has a verified solution.