Win 2008 R2 NTFS permissions for home directories
We recently began converting our domain to 2008 R2.
So we’re about 80% through upgrading all the domain controllers from 2003 R2.
I’ve set up home directories on a new 2008 r2 enterprise server.
And the users access those directories in the format \\servername\home\%usernam
Share permission on HOME is Everyone FULL.
NTFS permissions on HOME have the following:
Domain admins – Full – This folder all subfolders and files
Authenticated users – Traverse folder/execute file, life folder/read data, read attributes, read permissions – this folder only
And then under each user’s home directory we give that user Full permissions.
This has worked in previous versions of windows server, allowing the users enough permissions to get down to their shares, but not so much that they can try and wander into another users home directory.
Here’s my problem with this Windows 2008 R2 server:
If I log in as the Domain\administrator account, I can access everything fine.
If I log in with another Domain Admin account I’m denied access to the users’ home directories. And it asks do I want to gain access, and if I say ‘YES’ it adds my individual account to the security permissions.
And for some reason I can’t log in as the local administrator, so I can’t test that. But that’s an oddity that I haven’t had occur before either.
Local administrator includes domain admins.
Any ideas? I am really stuck. This makes no sense whatsoever.
So we’re about 80% through upgrading all the domain controllers from 2003 R2.
I’ve set up home directories on a new 2008 r2 enterprise server.
And the users access those directories in the format \\servername\home\%usernam
Share permission on HOME is Everyone FULL.
NTFS permissions on HOME have the following:
Domain admins – Full – This folder all subfolders and files
Authenticated users – Traverse folder/execute file, life folder/read data, read attributes, read permissions – this folder only
And then under each user’s home directory we give that user Full permissions.
This has worked in previous versions of windows server, allowing the users enough permissions to get down to their shares, but not so much that they can try and wander into another users home directory.
Here’s my problem with this Windows 2008 R2 server:
If I log in as the Domain\administrator account, I can access everything fine.
If I log in with another Domain Admin account I’m denied access to the users’ home directories. And it asks do I want to gain access, and if I say ‘YES’ it adds my individual account to the security permissions.
And for some reason I can’t log in as the local administrator, so I can’t test that. But that’s an oddity that I haven’t had occur before either.
Local administrator includes domain admins.
Any ideas? I am really stuck. This makes no sense whatsoever.
ASKER
I'm logged into the server and accessing the local directory and having this problem.
did you try adding domain admins in controll panel/user accounts as local administrator?
ASKER
yes, they were added automatically when I added the server to the domain.
sorry, was out of town
What is the current owner of ntfs set to? Maybe change that to domain admins
What is the current owner of ntfs set to? Maybe change that to domain admins
ASKER
I have the solution offline with Microsoft. Can I put it here or will you delete the question?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Tried this solution and the problem is completely resolved.
This is specific to 2008R2, 2008 does not exhibit this behavior.
This is specific to 2008R2, 2008 does not exhibit this behavior.
\\IPADDRESS\home\%username