Solved

Possible rights issue with user`s network drives

Posted on 2008-10-08
8
176 Views
Last Modified: 2011-09-20
Dear Experts,

We ran into an issue with the user network drives. 2 users that I know of have this issue.
Originally when I started, all user personal network drives were setup as shares on the Windows2003 Server. We changed it from being shared.
Now in the properties of the indiviudal user folders is the following:

Security Tab
Domain Admin - Full Control
User - Full Control

Security > Adavanced

Allow - Domain Admins - <not inhereted> - This folder, subfolders and files
Allow  - User-------------- <not inhereted> - This folder, subfolders and files

Allow inhereted is not checked
Replace permissions is not checked

Owner Tab
Administrator

Effective Permissions
None checked.


User`s entire directory is shared and setup as the following:
Security tab
Administrators - Special Permissions
Creator Owner - Special Permissions
Domain Admin - Full Control
System -  Full Control

Security > Advanced
Allow - Administrators - Full Control - <not inhereted>
Allow - Creator Owner -Full Control - <not inhereted>
Allow - Domain Admins- Full Control - <not inhereted>
Allow -System              - Full Control - <not inhereted>

Security > Owner tab
Administartor of the domain
Administrators

Security> Effective Permissions
nothing is checked

here is the weird part. I logged in as the user form a different machine and was able to rename, create and delete files. When user is logged in from her machine, che can create new folders but can't rename any of the folders or subfolders. I thought it had something to do with either the directory (user folder), so i recereated it and still have the same issue. Disjointed the PC from the domain and recreated th elocal profile, still the same issue.

Does it look like permissions are not setup correctly ?
Also, one PC is a laptop the other one is a desktop. Both have Windows XP with SP3 installed. Other users who`s permissions are setup identically don't have the same issue. This used to be an NT domain before, so I'm not sure how things were setup originally.




0
Comment
Question by:technomic
  • 5
  • 3
8 Comments
 
LVL 2

Author Comment

by:technomic
Comment Utility
I am at the point of reimaging the laptop since the issue doesn't appear to be happening on other machines. Just wondering if there is a way to fix the issue without reimaging the laptop. SP3 was installed on machines before we converted from Shared to Individual folders....
0
 
LVL 17

Expert Comment

by:Andres Perales
Comment Utility
you have to have sharepermissions enabled and everyone set to full control, then use NTFS permissions to secure....
0
 
LVL 2

Author Comment

by:technomic
Comment Utility
peralesa,
You are saying to give users Full Control to Users Share and then setup Deny permissions for everyone but the user to whom directory belongs to (on individual user folders), if I understand it correctly....
0
 
LVL 17

Expert Comment

by:Andres Perales
Comment Utility
you don't even have to do a deny, if they are not listed in the security permissions then the will  not be able to access that folder or items within it!
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 2

Author Comment

by:technomic
Comment Utility
User Share > Sharing> Permissions > Everyone Full Control
On Security Tab, Domain Admins and System have Full Control. Still no luck... And only these two user folders, everybody else is alright...
0
 
LVL 17

Accepted Solution

by:
Andres Perales earned 500 total points
Comment Utility
on the security tab add the individual accounts and then give them read or write or full control...
0
 
LVL 2

Author Comment

by:technomic
Comment Utility
Here is the thing. The rights may be setup correctly. I logged into the network from a different machine as the users whom had this issue and I'm not having any issues from anotehr machine.
I removed the COmputer Object form AD, also disjoined from the domain on the PC and then rejoined the domain as well as changed the PC name. Still no luck. As far as your last comment, I think I may have misunderstood you somewhere. There is a Share called "Users" there are a number of objects within that share (this folders are not shared). Share itself has following permissions -
User Share > Sharing> Permissions > Everyone Full Control.
Objects within the Share are folders with following permissions
Object Properties> Security
User - Full Control
Domain Admins - Full Control

Security Tab>Advanced>Permissions Tab:
Allow -User-Full Control-<not inhereted>-This Folder, Subfolder and files
Allow -Domain Admins-Full Control-<not inhereted>-This Folder, Subfolder and files

If permissions are set incorrectly, I would not be able to access the directory under the same user account nowehere else. I think it`s not the permisisons but some sort of cached info on the PC itself, but I don't know how to reset it without reimaging the machine....
0
 
LVL 2

Author Closing Comment

by:technomic
Comment Utility
I ended up reimaging the box and everything is working fine now.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now