Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cannot get rights to home folder!

Posted on 2006-06-25
5
Medium Priority
?
236 Views
Last Modified: 2010-08-05
Hi folks,

I have set up My Documents redirection to \\fileserver\users\%username

That works perfectly (after some headache). All users get their document folders when they log in.

I have created these top level folders from scratch, using the Profile utility when making a user. I would specify their Home path, and the server would create it and grant rights.

My problem is this now... all users that go to their My Documents, have NO rights to add/delete/update anything. They have read rights, but as I'm looking at the NTFS permissions, they have full rights to the folder!

Any ideas why this might be happening?

My \users\ directory is the share, has rights to "Everyone" to read and "Domain Admins" for full control... please let me know. As a test, I changed "Everyone" at the share level to have full control -- but now they have full control on every subfolder as well. If I deny "everyone" on NTFS level for each individual user account, then that user can't access their share either.

Thanks for any help! Time is of the essense with the answer :)
0
Comment
Question by:overworkedops
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 13

Expert Comment

by:itcoza
ID: 16979720
Hi overworkedops,

First things first.  Share Permissions are totally separate from NTFS permissions.

Regards,
M
0
 
LVL 13

Expert Comment

by:itcoza
ID: 16979738
What you need to do is to setup your NTFS permissions on the ..\users folder so that the "Domain Users" have Read access to that.  Do not remove "Domain Admins" or "Administrators" if they are there.  Now, you also have to redo the security on each user's folder if all your users have access to each opther's folders.  Give Each user full control over their own folder and remove all other unwanted security rights.

Once you are happy that your NTFS permissions are the way you want them, change the share permissions to "Administrators" Full and "Domain Users" Full.  Even though you have granted the Domain Users full access at the share level it will not change the higher level security that is NTFS.  

Let me know if you require more information on this subject.

Regards,
M
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16979898
Folder re-direction permissions are quite fussy. Best as a rule to allow the policy to create the folders when possible, but the actually required permissions are outlined in the last part of the following link:
http://technet2.microsoft.com/WindowsServer/en/Library/a1b7ce04-708b-4145-830a-cadfc003acd31033.mspx?mfr=true
0
 
LVL 13

Expert Comment

by:itcoza
ID: 16980233
overworkedops,

Do you need more information?

*****************************
Regards, M
   
0
 
LVL 3

Accepted Solution

by:
jarremopoulos earned 2000 total points
ID: 16981716
hi overworkedops,

I´ve using this configuration and it works fine.

Share permissions:
Domain Admins -> Full Control
Domain Users -> Change or full

NTFS permissions:
Domain users -> Read (this folder only)
CREATOR OWNER -> Full control (subfolders and files)
Administrators -> Full control
SYSTEM -> Full control

And you must delete existing users home folders and then re-create them via user account  profile sheet (\\fileserver\users\%USERNAME% )

Then homefolders get proper rights.

JMpouloZ

0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question