We help IT Professionals succeed at work.

Folder Permissions.. Inherited / Exclusive

Last Modified: 2012-05-11
 I hope I am not missing anything, but please tell me if I am doing something incorrectly.

I've inherited a SBS2003 and am consolidating user folders which were all over the  place.
 I put them all under a "d:\users" folder, shared the folder, and gave everyone full control under permissions.  Now, in the individual subfolders, I want to limit access to who has access to what.
 so, on the server, I go to  d:\users\jennifer, rt click, security, and then advanced, then remove all permissions, only adding the user and the respective rights.  This should would on all items and sub folders, shouldnt it?  Does the user need to logout and log back in?  do I need to do a GPUPDATE /Force?
  if I add users later, they get some rights, (not all) by default, and then when I tell it to propogate to child object, the orginal people I added wing up getting NO rights, which then it has to be set back manually.  Seems like the rights dont flow down to the sub folders.  Ive even went so far as to take permission (as administrator) to confirm I have the rights, then assign them accordingly.  
 Are they any OTHER users that need to have rights, such as SYSTEM / CreaterOwner?
 What the heck am I missing?!?!

 Thanks in advance!
Watch Question

I do something somewhat different with our shares.  I do have a root "users" folder, but it is not shared.  Instead I create subfolders within it for each user, and create them as their own share in the form of %username%$ so if the user name is user then the share name would be user$.  The $ makes it a hidden share, then I set permissions so that that user, or the specific security group associate w/ that user, and the security group associate w/ administrative full file access, are the only items listed in permissions, with Full Control enabled for both, then under security, I ensure that only their group, the administrative full file access group, and system are listed, again with Full rights.
Lorenzo CricchioPresident


Thats the way I was going to do it initially, however, the username is not equal to the folder name, plus some of the users would need to see other users documents, etc, in other user folders, so mapping was going to be an issue if I mapped rooted it.  By going up one level, even though users can see other peoples names, they wouldnt have access to what was inside.
  I dont want to hide the folders, merely give some users access to certain folders.  When I do that, the rights dont seem to filter downward even if I select "replace properties on child, etc etc.."
 I will advise there are many many security groups which were created before I came onboard to this company.
  I am assuming (correctly?) that once the inherited user rights are removed from a folder, any group rights no matter what they are, and IF they were in effect for that or the parent folder, are no longer there, and access to the folder is granted explicitely once I select a user, add them, and give them specific rights.  Is that right?
 Is there a service or function that needs to be running in order for this to work? perhaps a server restart?  Never had this issue before with rights.

 Thanks again.
This one is on us!
(Get your first solution completely free - no credit card required)
Lorenzo CricchioPresident


Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.