NTFS Permissions with roaming profile

I have a Windows 2003 server using roaming profiles. The student files are in folder 2; these are connected to their roaming profiles. When they are logged into the system using their profile, I would like the only folder they can see and have access to to be folder B. Currently, when the student is logged on to the profile, it can't find the profile, and when they log off it says it cannot save their profile because it cannot find it. When they are logged into their profile, when they go to network places the only thing I want them to be able to see and have access to is folder B. Can someone please help? If I want to be able to save to folder 2, do drive a, folder A and folder 1 also have to have write permissions or just read permissions?
drive a
      -folder A
             -folder 1
                     - folder 2
       - folder B
       - folder C
stevek65 Asked:
lamaslany Commented:
I'm not sure I fully understand what you are trying to do.

Do you mean that the student's files are in folder 2 or that students' files are in folder 2?

How are you mapping to the roaming profile?  Is this a redirection on the local machine or is their folder on a network share?


Typically you might have:

(on the file server)
E:\Users
             \Staff
                      \User1
                      \User2
                      \User3
             \Student
                      \User4
                      \User5
                      \User6

E:\Users might then be shared to be accessible via \\servername\users

So User4 might map to \\servername\users\Student\User4

The problem is that to see as far as User4 they need to be able to navigate through the parent folders.  Even if users are not supposed to be able to read other folders they are still displayed in explorer.

If that is what you are trying to prevent you should use Windows Server 2003 Access-based Enumeration: http://www.microsoft.com/downloads/details.aspx?FamilyId=04A563D9-78D9-4342-A485-B030AC442084&displaylang=en

If a user doesn't have rights to see a folder it is now hidden.

Now if the user tries to move back all they will see is \\servername\users containing just one folder 'students' and that folder will just contain 'User4'.

Of course this only works if your NTFS permissions are set right in the first place.


If the above sounds like what you want to do give ABE a try; if not can you provide more information about what you are trying to achieve?
stevek65 Author Commented:
This is what I have.
E:\
     \Students
            \2008
                  \student1
                  \student2
            \2009
                  \student3
                  \student4
     \Teachers
     \StudentLabs
     \MPPro


Each student has a roaming profile:
              E:\Students\2008\student1

The student logs into the roaming profile using a client computer. Some students are getting "can't find user profile", some are getting "can't save" on log off.
When the students are logged into their profile, when they go to network places, I would like them to only be able to see and copy files from the \StudentLabs folder and \MPPro folder. The student runs an application on the computer that needs to access the \MPPro folder. I do not want the student to have access to anyone's folder but their own.
Another problem I am having is when I log into the client computer as the client administrator, when I go to network places I can get into any folder I want to.

If a user is in two different groups. One group having just read permissions, the other group having full control, which permissions do they actually have?
Can anyone help?

         
0
lamaslany Commented:
Sorry stevek65 I'm still not sure how users are mapping to this profile - how are you setting this?  GPO or via AD user properties?


"If a user is in two different groups. One group having just read permissions, the other group having full control, which permissions do they actually have?"

Assuming that none of the groups is actively denied access they will use the most permissive - full control.
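The two points raised in the answers above (group permissions are cumulative unless a deny entry applies, and Access-based Enumeration hides folders the user cannot read) can be modelled in a few lines. This is an added example, not code from the thread: it is a simplified Python model of the ordered ACE walk, and the rights masks, group names, and ACLs placed on stevek65's folder layout are constructed assumptions.

```python
# Simplified model of the Windows access check; constructed toy masks, not real NTFS bits.
READ, WRITE, FULL = 0x1, 0x2, 0x3

def access_check(token_sids, acl, desired):
    """Walk ACEs in order: a matching deny ACE covering a still-needed right
    fails the request; matching allow ACEs accumulate until all are granted."""
    remaining = desired
    for ace_type, sid, mask in acl:
        if sid not in token_sids:
            continue
        if ace_type == "deny" and mask & remaining:
            return False
        if ace_type == "allow":
            remaining &= ~mask
        if remaining == 0:
            return True
    return False  # rights never granted are implicitly denied

def effective_rights(token_sids, acl):
    """Union of the individual rights the token would be granted."""
    return sum(bit for bit in (READ, WRITE) if access_check(token_sids, acl, bit))

# The "two groups" question: Read via one group, Full Control via another.
TWO_GROUPS = [("allow", "GroupRead", READ), ("allow", "GroupFull", FULL)]
# Same ACL with an explicit deny, which canonical ordering places first.
WITH_DENY = [("deny", "GroupRead", WRITE)] + TWO_GROUPS

# Hypothetical ACLs on the layout from the thread (group names are assumptions).
ACLS = {
    r"E:\Students": [("allow", "Students", READ)],
    r"E:\Teachers": [("allow", "Teachers", FULL)],
    r"E:\StudentLabs": [("allow", "Students", READ)],
    r"E:\MPPro": [("allow", "Students", READ)],
    r"E:\Students\2008\student1": [("allow", "student1", FULL)],
    r"E:\Students\2008\student2": [("allow", "student2", FULL)],
}
STUDENT1 = {"student1", "Students"}  # user SID plus group membership

def abe_listing(token_sids, parent):
    """Access-based Enumeration: list only children the caller can read.
    ABE changes what is displayed; the ACL alone still decides access."""
    return sorted(path for path, acl in ACLS.items()
                  if path.rsplit("\\", 1)[0] == parent
                  and access_check(token_sids, acl, READ))

if __name__ == "__main__":
    both = {"GroupRead", "GroupFull"}
    print(effective_rights(both, TWO_GROUPS), effective_rights(both, WITH_DENY))
    print(abe_listing(STUDENT1, "E:"))
    print(abe_listing(STUDENT1, r"E:\Students\2008"))
```
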
stevek65 Author Commented:
I am using Active Directory. I have tried many different options and it seems that if I don't set the students with full control at the root level they can't find the roaming profiles.