Local log on permissions for Server 2008

kyleboca
kyleboca used Ask the Experts™
on
I allowed a user to log on locally through user rights assignment to a server that runs Server 2008. This user has no rights to shared folders on the server. When this user is logged on locally to the server they have access to all the shares on the drive even though the user is not listed in the list of those having permission to view the shares. What must I do keep the user from having access to the shared folders with permissions?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2012
Commented:
You need to set the NTFS permissions not the shared permissions since they are logged in locally share permissions do not affect them.

Author

Commented:
Can you point me in the right direction on how to change that?
Top Expert 2012

Commented:
Go to the folder right-click go to properties then the security tab this is NTFS permissions deny them access.
11/26 Forrester Webinar: Savings for Enterprise

How can your organization benefit from savings just by replacing your legacy backup solutions with Acronis' #CyberProtection? Join Forrester's Joe Branca and Ryan Davis from Acronis live as they explain how you can too.

Author

Commented:
Ok now I have a real big problem. In the security tab for the NTFS permissions I denied access to Users and the process started. Realizing I made a big mistake I hit cancel. Now many of the folders in that directory are no longer accessible and the workstations are already reporting problems to me. How can I restore the original permissions to all the folders in that directory or reset them? Please help ASAP.
Top Expert 2012

Commented:
If you have a backup you can restore but you would be restoring the files as well that are most likely already edited.

For a quick fix add the Everyone group to the NTFS permission.

You should only deny the user that had logon locally access.
Top Expert 2012

Commented:
Whatever you denied change back to the orginal.

Author

Commented:
I tried changing back to the original but when I apply it it starts popping dialogs of folders saying access is denied. When I add everyone as a user and give them write privileges it says access denied to a lot of folders. So in short something is preventing me from restoring the original permissions.

If I restore from DLT tape backup, will the permissions be restored?
Top Expert 2012

Commented:
Yes but you will restore all files and folders even if they have been edited.

Are you logged into the server as an Admin

Author

Commented:
Yes I am logged in as the Admin. I will have to restore the entire directory from DLT which is from last night but the folders worked in the most are imaged every hour so I should be ok.
Top Expert 2012

Commented:
Remove all permissions from the folders then just add the Everyone group. If you see a deny in the permissions remove it this is most likely causing the problem.

Author

Commented:
I am restoring from DLT now. When I added the Everyone group there were no denied checked. When I canceled the original edit to the permissions it borked something. The OS warned me that I made a bad move and said to reset the permissions to how they were originally and I did that.
Top Expert 2012

Commented:
No what I'm saying is to look in your current permissions to see if you have any deny for any user you want to uncheck these.

Author

Commented:
Ok, I see. It is still restoring.

Author

Commented:
Ok, I got it all straightened out. I needed to add the user first in the NTFS permissions and then deny access to the folder.

Thanks for your help Darius.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial