bgcm12

asked on

granting access to all user areas to a new domain-local group.

Hello,

I have created a new domain local security group.  I want members of this group to have access to users' home-drive shares.

I don't want to manually add the group to the ACL of each user's share.

I thought that it would be a case of adding the new group to the ACL of the root directory holding the user shares and within the advanced tab checking "replace permission on child objects" - but this will remove the permissions for the specific user of the homedrive.

Is there an easy way for me to add this group to all user shares?

Thanks in advance.

ASKER CERTIFIED SOLUTION
Michael Pfister
bgcm12

ASKER

Thanks - that seemed to work with individual files within the user areas scrolling down the command window at high speed.  However, it stopped this scroll twice at the same place when it reached a file in an area halfway through the list of users - with the error "The data area passed to a system call is too small".

Upon checking the individual user areas and sub-folders (both above and below the user's directory where the command crashed out), the new usergroup specified seems to have been added with the relevant Change privileges.

However, when logged in as a user who is a member of this group with the ability to change files, they do not have the ability to map to the share.  I therefore explicitly shared the homedrives folder, tried again to map to it from a user with Change privileges - of course, they then had the ability to map to the drive and read files with the drive - but they cannot modify or write to any of the user homedrives...

Any ideas please?

Increasing points available...

I (hopefully) understand your question now. Cacls will only modify NTFS permissions and not share permissions.
And regarding your last post: If you create a new share under XP or Windows 2003, it will have "Read" as default permission. If you need "Change", you have to modify the share permission.

I normally leave Everyone:Full for the share and only restrict the NTFS permissions to match my requirements, but that's a matter of taste.

I'd use rmtshare.exe (an old Microsoft Resource Kit NT 4.0 tool) to modify the share permissions. Problem: NT 4 resource kit is no longer available.
I'm searching for it...
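
The two permission layers discussed in this thread, as an added example that is not part of any poster's reply. It assumes a current Windows Server with the SmbShare PowerShell module rather than the XP/2003-era CACLS and rmtshare tools named above, and the folder path, share name and group name are hypothetical.

```powershell
# Assumed values, not taken from the thread: adjust before use. Run elevated.
$HomeRoot  = 'D:\Homes'                  # hypothetical folder with one sub-folder per user
$ShareName = 'Homes'                     # hypothetical share published on $HomeRoot
$Group     = 'CONTOSO\HomeDriveSupport'  # hypothetical domain-local group

# Layer 1 (NTFS): one explicit Modify ACE that child files and folders inherit.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Group,
    [System.Security.AccessControl.FileSystemRights]::Modify,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)

foreach ($dir in Get-ChildItem -LiteralPath $HomeRoot -Directory) {
    try {
        $acl = Get-Acl -LiteralPath $dir.FullName
        # AddAccessRule merges into the existing ACL, so the home-drive
        # owner's own entry is kept (unlike replacing child permissions).
        $acl.AddAccessRule($rule)
        Set-Acl -LiteralPath $dir.FullName -AclObject $acl
    } catch {
        # Keep going: one unreadable folder should not stop the whole run.
        Write-Warning "NTFS update failed for $($dir.FullName): $_"
    }
}

# Layer 2 (share): effective access over the network is the more restrictive
# of the share ACL and the NTFS ACL, so a Read-only share blocks writes
# even when the NTFS ACE above grants Modify.
$shareAcl = Get-SmbShareAccess -Name $ShareName
$shareAcl | Format-Table AccountName, AccessControlType, AccessRight

$alreadyGranted = $shareAcl | Where-Object {
    $_.AccountName -eq $Group -and
    "$($_.AccessControlType)" -eq 'Allow' -and
    "$($_.AccessRight)" -in 'Change', 'Full'
}
if (-not $alreadyGranted) {
    Grant-SmbShareAccess -Name $ShareName -AccountName $Group -AccessRight Change -Force
}
```

The share check only looks for an entry naming the group itself; a share that already allows a broader principal such as Everyone will still receive an explicit Change entry for the group.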

bgcm12

ASKER

Thanks for your efforts Michael.

I too prefer to restrict by NTFS security - but there initially seemed to be a problem with the CACLS method.  After a reboot, it works perfectly - members of the new group added to the users' home shares now have change permissions.

Thanks again.

Ben