Solved

Corrupted Security Permissions - Server 2003

Posted on 2009-05-05
Last Modified: 2012-05-06
I have a Windows 2003 server that has got its share permissions and security settings well and truly messed up as the result of a migration from an old Server 2000 box that had corrupt shares and security. The server local admin account has got corrupt special permissions that seem to be a major factor in the problems.

What I need to do is to:
1. Remove all permissions and security for all folders, shares and files on the data partition.
2. Recreate default administrative access (administrator, domain admin etc.) to all folders, files and shares.
3. Add security for any top-level security groups and re-establish & apply inheritance at the appropriate point in the directory structure (e.g. admin team for admin folder area).
4. Interrogate AD for each user account and capture the user home profile folder location.
5. Using the above (4), add specific default user rights (create / modify / delete) to each user's respective home folder (and any subdirectories).

End result should be that admin accounts have full access / control to everything, security group permissions are inherited down the tree correctly, and users only have access to their specific home folder (and profile folder if applicable).

I've been looking at vbs to do this but would really appreciate some support with putting a script together.  If someone has already written a script to do this - even better!
Question by:cmdown
6 Comments
 
Expert Comment

by: Donald Stewart
ID: 24308242

Accepted Solution

by: Donald Stewart (earned 500 total points)
ID: 24308275

Assisted Solution

by: Donald Stewart (earned 500 total points)
ID: 24308342

Author Comment

by:cmdown
ID: 24331435
Hi dstewartjr,
The 2nd script is almost what I am after.  The issue is that, of course, there has been no standard naming convention over the years, so what I need is something that works the opposite way around.
1st. Clear all permissions for all folders - remove all the erroneous permissions.
2nd. Set default permissions on all files/folders for Administrator / Administrators group & Domain Admins group only.
3rd. For each user in the AD, interrogate their user profile, extract the location(s) of their profile path (if set) and their home folder and then set their permissions to Modify, Read, Read&Execute on the relevant folder(s).

I have something like 1,400 user accounts that this needs doing for so a script is the only realistic way of doing this.

Just for info the symptoms currently are exceptionally slow access (> 40 seconds to a 1kb file) with server cpu utilisation at 1% (Dell PE 2950, 16Gb Ram, Dual 1Gb NIC (teamed), 3TB Raid 5, Server 2003 SP2).  Also permissions keep corrupting - folders losing permissions at random and having to be reset, users showing as having inherited permissions to random folders when they are not given those permissions at any higher level in the folder structure etc.

Just to add to the fun I've got to replace two of the hard drives in the array over the next two weekends in a phased disc change / array rebuild - slightly different models of same drive which although *not* contributing to the above problems (confirmed by Dell) is however causing the perc controller to log entries in the event log every so often that the version of drive is not in its list of approved hardware.  Oh joy!!

Author Comment

by:cmdown
ID: 24402334
dstewartjr has been really helpful with this problem but I am still stuck as to how to capture the location of a user's home folder / profile location using vbs, which I need to do in this situation.  Ideas, anybody?

Author Comment

by:cmdown
ID: 24772234
In the end this work was done manually as I was unable to find a way of capturing the user home folder location.  I would however like to award dstewartjr points as one of the scripts was very comprehensive.  Should anyone read this post and know how to achieve the above through a script I would still be interested to know!
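
One way to script steps 4 and 5 of the question, given here as an added example that is not code from this thread or from any of its posters: it reads the `homeDirectory` and `profilePath` attributes from AD and gives each folder a protected ACL for administrators plus the owning user. It is written in PowerShell rather than VBScript, and the domain name `EXAMPLE`, the `-Apply` switch and the function names are assumptions made for illustration.

```powershell
# Added example. Assumes Windows PowerShell 2.0+ (.NET Framework), a domain-joined
# host, an elevated admin session, and icacls.exe (shipped with Server 2003 SP2).
param(
    [string]$Domain = 'EXAMPLE',   # placeholder NetBIOS domain name
    [switch]$Apply                 # without -Apply the script only reports
)

# Step 4: read homeDirectory and profilePath for every user that has one set.
function Get-UserFolders {
    $s = New-Object System.DirectoryServices.DirectorySearcher   # roots at current domain
    $s.Filter = '(&(objectCategory=person)(objectClass=user)(|(homeDirectory=*)(profilePath=*)))'
    $s.PageSize = 500   # paged search, otherwise results stop at the 1,000-object limit
    foreach ($a in 'sAMAccountName', 'homeDirectory', 'profilePath') { [void]$s.PropertiesToLoad.Add($a) }
    foreach ($r in $s.FindAll()) {
        foreach ($attr in 'homedirectory', 'profilepath') {   # result keys are lower case
            if ($r.Properties[$attr].Count -gt 0) {
                New-Object PSObject -Property @{
                    User = [string]$r.Properties['samaccountname'][0]
                    Path = [string]$r.Properties[$attr][0]
                }
            }
        }
    }
}

# Steps 2 and 5 for one folder: a fresh DACL with inheritance from the parent blocked.
function New-FolderAcl([string]$User) {
    $acl = New-Object System.Security.AccessControl.DirectorySecurity
    $acl.SetAccessRuleProtection($true, $false)   # protected, inherited ACEs not copied
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $grants = @{ 'BUILTIN\Administrators' = 'FullControl'
                 "$Domain\Domain Admins"  = 'FullControl'
                 "$Domain\$User"          = 'Modify' }   # Modify includes Read and Read & Execute
    foreach ($who in $grants.Keys) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($who, $grants[$who], $inherit, 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    $acl
}

foreach ($f in Get-UserFolders) {
    if (-not (Test-Path -LiteralPath $f.Path -PathType Container)) { Write-Warning "Missing: $($f.Path) ($($f.User))"; continue }
    if (-not $Apply) { "Would reset $($f.Path) for $Domain\$($f.User)"; continue }
    [System.IO.Directory]::SetAccessControl($f.Path, (New-FolderAcl $f.User))   # replace the folder's DACL
    & icacls (Join-Path $f.Path '*') /reset /T /C /Q | Out-Null   # step 1: children inherit only
}
```

Run without `-Apply`, the script only lists the folders it would change and warns about AD paths that do not exist on disk, which gives a reviewable record before any ACL is replaced.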