Solved

Possible rights issue with user`s network drives

Posted on 2008-10-08
8
180 Views
Last Modified: 2011-09-20
Dear Experts,

We ran into an issue with the user network drives. 2 users that I know of have this issue.
Originally when I started, all user personal network drives were setup as shares on the Windows2003 Server. We changed it from being shared.
Now in the properties of the indiviudal user folders is the following:

Security Tab
Domain Admin - Full Control
User - Full Control

Security > Adavanced

Allow - Domain Admins - <not inhereted> - This folder, subfolders and files
Allow  - User-------------- <not inhereted> - This folder, subfolders and files

Allow inhereted is not checked
Replace permissions is not checked

Owner Tab
Administrator

Effective Permissions
None checked.


User`s entire directory is shared and setup as the following:
Security tab
Administrators - Special Permissions
Creator Owner - Special Permissions
Domain Admin - Full Control
System -  Full Control

Security > Advanced
Allow - Administrators - Full Control - <not inhereted>
Allow - Creator Owner -Full Control - <not inhereted>
Allow - Domain Admins- Full Control - <not inhereted>
Allow -System              - Full Control - <not inhereted>

Security > Owner tab
Administartor of the domain
Administrators

Security> Effective Permissions
nothing is checked

here is the weird part. I logged in as the user form a different machine and was able to rename, create and delete files. When user is logged in from her machine, che can create new folders but can't rename any of the folders or subfolders. I thought it had something to do with either the directory (user folder), so i recereated it and still have the same issue. Disjointed the PC from the domain and recreated th elocal profile, still the same issue.

Does it look like permissions are not setup correctly ?
Also, one PC is a laptop the other one is a desktop. Both have Windows XP with SP3 installed. Other users who`s permissions are setup identically don't have the same issue. This used to be an NT domain before, so I'm not sure how things were setup originally.




0
Comment
Question by:technomic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 2

Author Comment

by:technomic
ID: 22670035
I am at the point of reimaging the laptop since the issue doesn't appear to be happening on other machines. Just wondering if there is a way to fix the issue without reimaging the laptop. SP3 was installed on machines before we converted from Shared to Individual folders....
0
 
LVL 17

Expert Comment

by:Andres Perales
ID: 22670103
you have to have sharepermissions enabled and everyone set to full control, then use NTFS permissions to secure....
0
 
LVL 2

Author Comment

by:technomic
ID: 22672666
peralesa,
You are saying to give users Full Control to Users Share and then setup Deny permissions for everyone but the user to whom directory belongs to (on individual user folders), if I understand it correctly....
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 17

Expert Comment

by:Andres Perales
ID: 22673048
you don't even have to do a deny, if they are not listed in the security permissions then the will  not be able to access that folder or items within it!
0
 
LVL 2

Author Comment

by:technomic
ID: 22673171
User Share > Sharing> Permissions > Everyone Full Control
On Security Tab, Domain Admins and System have Full Control. Still no luck... And only these two user folders, everybody else is alright...
0
 
LVL 17

Accepted Solution

by:
Andres Perales earned 500 total points
ID: 22673184
on the security tab add the individual accounts and then give them read or write or full control...
0
 
LVL 2

Author Comment

by:technomic
ID: 22673556
Here is the thing. The rights may be setup correctly. I logged into the network from a different machine as the users whom had this issue and I'm not having any issues from anotehr machine.
I removed the COmputer Object form AD, also disjoined from the domain on the PC and then rejoined the domain as well as changed the PC name. Still no luck. As far as your last comment, I think I may have misunderstood you somewhere. There is a Share called "Users" there are a number of objects within that share (this folders are not shared). Share itself has following permissions -
User Share > Sharing> Permissions > Everyone Full Control.
Objects within the Share are folders with following permissions
Object Properties> Security
User - Full Control
Domain Admins - Full Control

Security Tab>Advanced>Permissions Tab:
Allow -User-Full Control-<not inhereted>-This Folder, Subfolder and files
Allow -Domain Admins-Full Control-<not inhereted>-This Folder, Subfolder and files

If permissions are set incorrectly, I would not be able to access the directory under the same user account nowehere else. I think it`s not the permisisons but some sort of cached info on the PC itself, but I don't know how to reset it without reimaging the machine....
0
 
LVL 2

Author Closing Comment

by:technomic
ID: 31504282
I ended up reimaging the box and everything is working fine now.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question