Solved

Possible rights issue with user's network drives

Posted on 2008-10-08
Last Modified: 2011-09-20
Dear Experts,

We ran into an issue with the user network drives. 2 users that I know of have this issue.
Originally when I started, all user personal network drives were set up as shares on the Windows 2003 Server. We changed it from being shared.
Now in the properties of the individual user folders is the following:

Security Tab
Domain Admin - Full Control
User - Full Control

Security > Advanced

Allow - Domain Admins - <not inherited> - This folder, subfolders and files
Allow - User - <not inherited> - This folder, subfolders and files

Allow inherited is not checked
Replace permissions is not checked

Owner Tab
Administrator

Effective Permissions
None checked.


User's entire directory is shared and set up as the following:
Security tab
Administrators - Special Permissions
Creator Owner - Special Permissions
Domain Admin - Full Control
System -  Full Control

Security > Advanced
Allow - Administrators - Full Control - <not inherited>
Allow - Creator Owner - Full Control - <not inherited>
Allow - Domain Admins - Full Control - <not inherited>
Allow - System - Full Control - <not inherited>

Security > Owner tab
Administrator of the domain
Administrators

Security > Effective Permissions
Nothing is checked

Here is the weird part. I logged in as the user from a different machine and was able to rename, create and delete files. When the user is logged in from her machine, she can create new folders but can't rename any of the folders or subfolders. I thought it had something to do with either the directory (user folder), so I recreated it and still have the same issue. Disjoined the PC from the domain and recreated the local profile, still the same issue.

Does it look like permissions are not set up correctly?
Also, one PC is a laptop, the other one is a desktop. Both have Windows XP with SP3 installed. Other users whose permissions are set up identically don't have the same issue. This used to be an NT domain before, so I'm not sure how things were set up originally.




Question by:technomic
 
LVL 2

Author Comment

by:technomic
ID: 22670035
I am at the point of reimaging the laptop since the issue doesn't appear to be happening on other machines. Just wondering if there is a way to fix the issue without reimaging the laptop. SP3 was installed on machines before we converted from Shared to Individual folders....
0
 
LVL 17

Expert Comment

by:Andres Perales
ID: 22670103
You have to have share permissions enabled and Everyone set to Full Control, then use NTFS permissions to secure....
0
 
LVL 2

Author Comment

by:technomic
ID: 22672666
peralesa,
You are saying to give users Full Control to the Users share and then set up Deny permissions for everyone but the user to whom the directory belongs (on individual user folders), if I understand it correctly....
0
 
LVL 17

Expert Comment

by:Andres Perales
ID: 22673048
You don't even have to do a deny; if they are not listed in the security permissions then they will not be able to access that folder or items within it!
0
 
LVL 2

Author Comment

by:technomic
ID: 22673171
User Share > Sharing> Permissions > Everyone Full Control
On Security Tab, Domain Admins and System have Full Control. Still no luck... And only these two user folders, everybody else is alright...
0
 
LVL 17

Accepted Solution

by:
Andres Perales earned 500 total points
ID: 22673184
On the Security tab, add the individual accounts and then give them read or write or full control...
0
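The layout discussed in the answers above (share open to Everyone, each user folder restricted through NTFS to the user and Domain Admins, no Deny entries, inheritance off) can be checked across every folder at once. This is an added example, not part of the original thread; the path `D:\Users`, the domain name `CONTOSO` and the assumption that each folder is named after its owner's logon name are hypothetical.

```powershell
# Added example: audit the per-user folders behind a "Users" share.
# Assumptions (not from the thread): the path D:\Users, the domain CONTOSO,
# and that each folder is named after its owner's logon name.
param(
    [string]$Root   = 'D:\Users',
    [string]$Domain = 'CONTOSO'
)
$full = [System.Security.AccessControl.FileSystemRights]::FullControl

Get-ChildItem -Path $Root | Where-Object { $_.PSIsContainer } | ForEach-Object {
    $folder   = $_
    $acl      = Get-Acl -Path $folder.FullName
    $expected = @("$Domain\Domain Admins", "$Domain\$($folder.Name)")
    $findings = @()

    # The layout in the thread has inheritance switched off on each folder.
    if (-not $acl.AreAccessRulesProtected) {
        $findings += 'inherits permissions from the parent'
    }
    foreach ($ace in $acl.Access) {
        $who = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Deny') {
            $findings += "Deny entry for $who"
        } elseif ($expected -notcontains $who) {
            $findings += "unexpected Allow entry for $who"
        } elseif (($ace.FileSystemRights -band $full) -ne $full) {
            $findings += "$who has $($ace.FileSystemRights), not FullControl"
        }
    }
    # Each expected principal must appear with an Allow entry.
    foreach ($name in $expected) {
        $hit = $acl.Access | Where-Object {
            $_.IdentityReference.Value -eq $name -and
            $_.AccessControlType -eq 'Allow'
        }
        if (-not $hit) { $findings += "missing Allow entry for $name" }
    }
    $status = 'OK'
    if ($findings.Count -gt 0) { $status = $findings -join '; ' }
    New-Object PSObject -Property @{
        Folder = $folder.FullName; Owner = $acl.Owner; Status = $status
    }
}
```

Run on the file server, this gives one row per folder; if the affected users' rows match those of unaffected users, the server-side ACLs are not what differs between them.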
 
LVL 2

Author Comment

by:technomic
ID: 22673556
Here is the thing. The rights may be set up correctly. I logged into the network from a different machine as the users who had this issue and I'm not having any issues from another machine.
I removed the Computer Object from AD, also disjoined from the domain on the PC and then rejoined the domain as well as changed the PC name. Still no luck. As far as your last comment, I think I may have misunderstood you somewhere. There is a share called "Users"; there are a number of objects within that share (these folders are not shared). The share itself has the following permissions -
User Share > Sharing > Permissions > Everyone Full Control.
Objects within the share are folders with the following permissions
Object Properties> Security
User - Full Control
Domain Admins - Full Control

Security Tab>Advanced>Permissions Tab:
Allow - User - Full Control - <not inherited> - This Folder, Subfolder and files
Allow - Domain Admins - Full Control - <not inherited> - This Folder, Subfolder and files

If permissions were set incorrectly, I would not be able to access the directory under the same user account anywhere else. I think it's not the permissions but some sort of cached info on the PC itself, but I don't know how to reset it without reimaging the machine....
0
 
LVL 2

Author Closing Comment

by:technomic
ID: 31504282
I ended up reimaging the box and everything is working fine now.
0
