overworkedops
asked on
Cannot get rights to home folder!
Hi folks,
I have set up My Documents redirection to \\fileserver\users\%userna
That works perfectly (after some headache). All users get their document folders when they log in.
I have created these top level folders from scratch, using the Profile utility when making a user. I would specify their Home path, and the server would create it and grant rights.
My problem is this now... all users that go to their My Documents, have NO rights to add/delete/update anything. They have read rights, but as I'm looking at the NTFS permissions, they have full rights to the folder!
Any ideas why this might be happening?
My \users\ directory is the share, has rights to "Everyone" to read and "Domain Admins" for full control... please let me know. As a test, I changed "Everyone" at the share level to have full control -- but now they have full control on every subfolder as well. If I deny "everyone" on NTFS level for each individual user account, then that user can't access their share either.
Thanks for any help! Time is of the essense with the answer :)
I have set up My Documents redirection to \\fileserver\users\%userna
That works perfectly (after some headache). All users get their document folders when they log in.
I have created these top level folders from scratch, using the Profile utility when making a user. I would specify their Home path, and the server would create it and grant rights.
My problem is this now... all users that go to their My Documents, have NO rights to add/delete/update anything. They have read rights, but as I'm looking at the NTFS permissions, they have full rights to the folder!
Any ideas why this might be happening?
My \users\ directory is the share, has rights to "Everyone" to read and "Domain Admins" for full control... please let me know. As a test, I changed "Everyone" at the share level to have full control -- but now they have full control on every subfolder as well. If I deny "everyone" on NTFS level for each individual user account, then that user can't access their share either.
Thanks for any help! Time is of the essense with the answer :)
What you need to do is to setup your NTFS permissions on the ..\users folder so that the "Domain Users" have Read access to that. Do not remove "Domain Admins" or "Administrators" if they are there. Now, you also have to redo the security on each user's folder if all your users have access to each opther's folders. Give Each user full control over their own folder and remove all other unwanted security rights.
Once you are happy that your NTFS permissions are the way you want them, change the share permissions to "Administrators" Full and "Domain Users" Full. Even though you have granted the Domain Users full access at the share level it will not change the higher level security that is NTFS.
Let me know if you require more information on this subject.
Regards,
M
Once you are happy that your NTFS permissions are the way you want them, change the share permissions to "Administrators" Full and "Domain Users" Full. Even though you have granted the Domain Users full access at the share level it will not change the higher level security that is NTFS.
Let me know if you require more information on this subject.
Regards,
M
Folder re-direction permissions are quite fussy. Best as a rule to allow the policy to create the folders when possible, but the actually required permissions are outlined in the last part of the following link:
http://technet2.microsoft.com/WindowsServer/en/Library/a1b7ce04-708b-4145-830a-cadfc003acd31033.mspx?mfr=true
http://technet2.microsoft.com/WindowsServer/en/Library/a1b7ce04-708b-4145-830a-cadfc003acd31033.mspx?mfr=true
overworkedops,
Do you need more information?
**************************
Regards, M
Do you need more information?
**************************
Regards, M
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
First things first. Share Permissions are totally separate from NTFS permissions.
Regards,
M