[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

NTSF Permissions with roaming profile

Posted on 2008-01-26
4
Medium Priority
?
233 Views
Last Modified: 2013-12-02
I have a Windows 2003 server using roaming profiles. The student files are in folder 2, these are connected to thier rooming profiles. When they are logged into the system using thier profile, I would like the only folder they can see and have access to is foder B. Currently when the student is logged on to the profile, it can'd find the profile and when they log off it says it cannot save thier profile because it cannot find it. When they are logged into thier profile, when they go to network places the only thing I want them to be able to see and have access to is folder B. Can someone please help. If I want to be able to save to folder 2, does drive a, folder A and folder 1 also have too have write permissions or just read permissions.
drive a
      -folder A
             -folder 1
                     - folder 2
       - folder B
       - folder C
0
Comment
Question by:stevek65
  • 2
  • 2
4 Comments
 
LVL 19

Accepted Solution

by:
lamaslany earned 2000 total points
ID: 20751270
I'm not sure I fully understand what you are trying to do.

Do you mean that the student's files are in folder 2 or that students files are in folder 2?

How are you mapping to the roaming profile?  Is this a redirection on the local machine or is their folder on a network share?


Typically you might have:

(on the file server)
E:\Users
             \Staff
                      \User1
                      \User2
                      \User3
             \Student
                      \User4
                      \User5
                      \User6

E:\Users might then be shared to be accessible via \\servername\users

So User4 might map to \\servername\users\Student\User4

The problem is that to see as far as User4 they need to be able to navigate through the parent folders.  Even if users are not supposed to be able to read other folders they are still displayed in explorer.

If that is what you are trying to prevent you should use Windows Server 2003 Access-based Enumeration: http://www.microsoft.com/downloads/details.aspx?FamilyId=04A563D9-78D9-4342-A485-B030AC442084&displaylang=en

If a user doesn't have rights to see a folder it is now hidden.

Now if the user tries to move back all they will see is \\servername\users containing just one folder 'students' and that folder will just contain 'User4'.

Of course this only works if your NTFS permissions are set right in the first place.


If the above sounds like what you want to do give ABE a try; if not can you provide more information about what you are trying to achieve?
0
 

Author Comment

by:stevek65
ID: 20751881
This is what i have.
E:\
     \Students
            \2008
                  \student1
                  \student2
            \2009
                  \student3
                  \student4
       \Teachers
       \StudentLabs
       \MPPro


Each student has a roaming profile:
              E:\Students\2008\student1

The student logs into the roaming profile using a client computer. Some students are getting cant find user profile, some are getting cans save on log off.
When the students are logged into their profile, when the go to network places, I would like them to only be able to see and copy files from the \StudentLabs folder and \MPPro folder. The student runs an application on the computer that needs to access the \MPPro folder. I do not want the student to have access to anyones folder but their own.
Another problem I am having is when I log into the client computer as the client administrator, when I go to network places I can get into any folder I want to.

If a user is in two different groups. One group having just read permissions, the other group having full control, which permissions do they actually have?
Can anyone help?

         
0
 
LVL 19

Expert Comment

by:lamaslany
ID: 20753906
Sorry stevek65 I'm still not sure how users are mapping to this profile - how are you setting this?  GPO or via AD user properties?


"If a user is in two different groups. One group having just read permissions, the other group having full control, which permissions do they actually have?"

Assuming that none of the groups is actively denied access they will use the most permissive - full control.
0
 

Author Comment

by:stevek65
ID: 20767833
I am using active directory. I have tried many different options and seems that if I don't set the students with full control at the root level they can't find the roaming profiles.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
If you try to migrate from Elastix to Issabel, you will face a lot of issues. These problems are inevitable but fortunately, you can fix them. In the guide below, I will explain how I performed the migration while keeping all data and successfully t…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

590 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question