Individual user folder share access

Hello, running w2k3 server, active directory.  

i have a folder "mktsupt" with 30 users in it, the way it was configured anyone can get into another employees folder and change things which is bad.  I tried removing the everyone group and adding the specific user but when i test it theres no way in.

i'm basically looking for a way withing a central diretory to only allow MikeS to get into MikeS's folder and change it.

thanks.
matt
LVL 1
dosleAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

blin2000Commented:
you need to do that in sharing tab and security tab.
0
Joseph HornseyPresident and JanitorCommented:
Matt,

Here are my assumptions:

1. You've shared "mktsupt" out to the network
2. Users are using these as 'home folders'; i.e., they're using their folders to store their own stuff.

Here's what I would do:

1. Create a new folder and share it out.  On  both the share and on NTFS, remove Everyone and add Domain Users and give Domain Users the Full Control permission.
2. Go into Active Directory Users and Computers and open one of the accounts.
3. Click on the "Profiles" tab and under the "Home Folders" section, select "Connect" and a drive letter and in the "To" box, put in \\servername\share\%username% where 'servername' is the name of the server and 'share' is the name of the share that you just created.  The '%username%' is a variable and should be typed in exaclty as I wrote it in the path.

Active Directory will automatically create a folder for the user and assign the appropriate permissions.  The next time the user logs in, they'll have a mapped drive letter pointing to this folder and they won't be able to get into anyone else's folder.  Then, start moving files from the 'mktsupt' folder into each user's home folder.

<-=+=->
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
scomo1026Commented:
I agree with Splinter's design 100%.  I would recommend in step one that instead of giving doamin users full control that you give them change permissions and also add the domain admin group at full control.  Micrososft always recommends never giving more permissions than neccessary (this was also a question on one of the mcse tests).
0
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

dosleAuthor Commented:
thanks splinter i just tested that myself and it works great.  now to think up something for the local log-on users.
0
dosleAuthor Commented:
last night i made changes so a few users have this home folder setup with a mapped drive.  now if i bypass the mapped drive by going from network neighborhood to the other peoples home folders i can get in, add/del folders, change whatever.  Is there a certain permissions trick i need to apply to the root user folder?
0
Joseph HornseyPresident and JanitorCommented:
Is the volume an NTFS volume?
0
Joseph HornseyPresident and JanitorCommented:
... in continuation....

It sounds like an NTFS permissions problem.  Right-click on each folder and clear the check box for inheritance; when the pop-up comes up asking you to copy, remove or cancel, select copy.  Then remove the Domain Users from the list of permissions.

I'm not sure if this is the problem...

<-=+=->
0
dosleAuthor Commented:
yes, its an ntfs vol.  i tried clearing inheritance and that didn't seem to do anything...  the users in the security tab are 'administrators' 'creatot owner' 'johndoeuser(johndoeuser@inside.domain.com' 'SYSTEM' 'users'
0
Joseph HornseyPresident and JanitorCommented:
You need to remove the "Users" group from each folder.  To do this:

1. In Explorer, right-click on the folder and go to "Properties"
2. Click on the "Security" tab and clear the "Allow inheritable permissions from the parent to propogate to this object" check box
3. In the window that pops up, select "Copy"
4. Select "Users" from the list of users and groups and click "Remove"
5. Click on the "Advanced" button
6. Put a check in the "Reset permissions on all child objects and enable propogation of inheritable permissions" check box
7. Click "OK"
8. Click "OK"

Remember that when you modify permisisons on a shared folder (whether you modify share or NTFS permissions) you'll need to get the users to log off and log back on again in order for them to receive (or lose) the new permissions.

<-=+=->
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.