Home drive permissions not working!

Posted on 2007-08-11
Last Modified: 2013-11-05
Hi all,

I'm pulling my hair out over this very simple problem. All users on the domain are able to access (read/write) any other user's home drive.

Here are my permissions:

M:\Staff - SHARE Permissions

Authenticated Users - Change, Read

M:\Staff - NTFS Permissions

Authenticated Users - Traverse Folder/Execute File, List Folder/Read Data, Read Attributes, Read Permissions

M:\Staff\brete - Example user NTFS Permissions

Brete - Full
Administrators - Full

Any ideas? Thanks in advance!

Question by:dkattan
    LVL 32

    Expert Comment

    by:Luc Franken
    Hello dkattan,

    Reading quickly through your permissions:
    Authenticated Users - Change, Read

    This means that everyone who's authenticated on your domain has change rights, so if you restrict these, you can refuse others to change anything on that share.


    LVL 27

    Expert Comment

    by:Jason Watkins
    How are you mapping the shares?  From group policy or the user's account properties?

    You have to be careful when dealing with Share permissions & NTFS permissions; they combine to yield the most restrictive settings.

    Consider hiding the user's home directory in "Staff", & mapping it that way.

    LVL 30

    Expert Comment

    Also be careful with inheritance.  You should apply 'Read' NTFS permissions at the home directories' parent folder and assign the permission to that folder only.  That way users can navigate to the top-level folder without having unintended access to other user home folders underneath it.
    LVL 70

    Accepted Solution

    If you use group policy to re-direct My Documents then the folders and permissions are created and set automatically. I would use that method in preference to setting all the permissions automatically.
    LVL 8

    Expert Comment

    Are you saying that any user (who is not a member of Administrators) can go into M:\Staff\brete and read/write/delete new files and existing files?

    Have a look in the Advanced permissions dialog box to see if any further details are shown.

    The share permission on 'Authenticated User: Change, Read', simply means that when connecting via that share, the maximum permissions anyone will have (regardless of NTFS permissions) will be Change, Read.
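
The inheritance and Advanced-permissions checks suggested in the comments above can be scripted. The following is an added example, not part of the original thread: it lists every NTFS Allow entry on each home folder that belongs to someone other than the folder's user or the expected admin principals, and shows whether the entry is inherited from the parent. It assumes the folder name equals the account name (as with M:\Staff\brete) and that Administrators and SYSTEM are the only other expected principals; the function name is hypothetical. It covers NTFS permissions only, not the share permissions.

```powershell
# Added example (not from the thread): audit home-folder NTFS ACLs.
# Assumption: each folder under $Root is named after its user's account,
# as with M:\Staff\brete on this page.
function Get-HomeFolderAclFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Root,
        # Assumption: principals that are expected on every home folder.
        [string[]]$Expected = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
    )
    foreach ($dir in Get-ChildItem -LiteralPath $Root -Directory) {
        $acl = Get-Acl -LiteralPath $dir.FullName
        foreach ($ace in $acl.Access) {
            # Only Allow entries can grant another user access.
            if ($ace.AccessControlType -ne 'Allow') { continue }

            $id      = $ace.IdentityReference.Value
            $account = ($id -split '\\')[-1]   # strip the DOMAIN\ prefix

            # Skip the folder's own user and the expected admin principals.
            if ($account -ieq $dir.Name -or $Expected -contains $id) { continue }

            [pscustomobject]@{
                Folder    = $dir.FullName
                Identity  = $id
                Rights    = $ace.FileSystemRights
                # True means the entry comes from a parent such as M:\Staff.
                Inherited = $ace.IsInherited
                # False means the folder still accepts inherited entries.
                Protected = $acl.AreAccessRulesProtected
            }
        }
    }
}

# Parent entries whose InheritanceFlags are not 'None' propagate to the
# home folders below; list them next to the per-folder findings.
function Get-PropagatingAce {
    param([Parameter(Mandatory)][string]$Root)
    (Get-Acl -LiteralPath $Root).Access |
        Where-Object { $_.InheritanceFlags -ne 'None' } |
        Select-Object IdentityReference, FileSystemRights, InheritanceFlags
}

# Path taken from the question; run on the file server against the local path.
Get-HomeFolderAclFinding -Root 'M:\Staff' | Format-Table -AutoSize
Get-PropagatingAce -Root 'M:\Staff' | Format-Table -AutoSize
```

An empty result from the first command means no home folder has an unexpected Allow entry; rows with Inherited set to True point back at an entry on the parent folder that applies to more than "this folder only".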
