Solved

Windows Server 2008 Permissions

Posted on 2011-09-28
Last Modified: 2012-05-12
I have a folder share available on the network that has subfolders for each username on the network. This needs to be used as a private drop box for each user, so no one should be able to access another user's folder, only see that it is there.

How do I set up the permissions so that I do not have to go to each individual folder to allow/deny access?

Thank you.
0
Question by:tc6atim
15 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36715139
Log into that server and use these commands:

dir /b <Drive>:\<SharedFolder> >c:\folders.txt

and now use

for /f %i in (c:\folders.txt) do cacls <Drive>:\<SharedFolder>\%i /T /C /G %i:C "Domain Admins":F

From now on, the user will have Modify rights to the home folder and Domain Admins will have Full Control.

Regards,
Krzysztof
0
 
LVL 5

Expert Comment

by:peter197911
ID: 36715142
This sounds like a $HOME folder.
When you create a new user, or change the $home folder for an existing user, this folder will be created automatically with the correct permissions.

(Active Directory Users and Computers) --> edit user --> Profile tab
You can select multiple users and use \\server\Users\%username% to get private folders for all users.
0
 
LVL 5

Expert Comment

by:peter197911
ID: 36715155
I forgot to mention: share the Users folder for Domain Users, but don't give them ACL permissions on the d:\Users folder itself.
0
 
LVL 3

Author Comment

by:tc6atim
ID: 36715429
peter197911: You are correct, and this was working correctly at some point in time; something happened and I am trying to fix it.

If you go to the profiles section > Home Folder, it is set to > Connect: Z: to \\app\shares\username

Shares on app is located under the "Users" folder, which contains "RedirectedFolders" and "Shares" as seen above.

Only "RedirectedFolders" and "Shares" are shared under the parent folder "Users".
0
 
LVL 5

Expert Comment

by:peter197911
ID: 36715552
To make the story clear:
You have a d:\Users\Shares and a d:\Users\RedirectFolders.
And all %username% folders in Shares have lost their security settings (at least the settings where a folder becomes a private folder for a specific user)?
0
 
LVL 3

Author Comment

by:tc6atim
ID: 36715586
This is correct.

For Example:

User: test3 cannot access any data under redirected folders for users test2 or folders specific to a particular user other than test3's redirected folders.

We should see the same behavior for the "Shares" folder; however, this is not the case. User test3, or any user for that matter, can access any other user's folder under the "Shares" share.

So it appears redirectedfolders under the parent "Users" folder is working properly, but the "Shares" folder under the "Users" folder is not.

This behavior is the same when creating a new user as well.
0
 
LVL 5

Expert Comment

by:peter197911
ID: 36715609
What are the security permissions on the folders (ACL)

d:\Users\RedirectFolders
d:\Users\RedirectFolders\testuser1

d:\Users\Shares
d:\Users\Shares\testuser1

And did you already compare the share permissions on Shares and Redirect?
0
 
LVL 3

Author Comment

by:tc6atim
ID: 36715666
ALC?

I do not see a difference in the security settings when comparing redirectedfolders to shares...

I do see a difference in the two user folders though. I have attached a screen shot.

Thank you.

[Attached screenshot: Security Comparison]
0
 
LVL 5

Expert Comment

by:peter197911
ID: 36715752
OK, you showed me the ACL (Access control list) for the 4 folders.
I'm not sure how test3 in RedirectedFolders has a private folder but ok.

Go to the properties of d:\User\Shares again and open the Sharing tab.
There are permissions assigned there also (share permissions -> remember Windows 98?)
Compare these share permissions also.

And if managing domains is your daily job, please read this website, where the difference between shared folder permissions and NTFS permissions is explained.

http://www.techexams.net/technotes/70290/permissions.shtml

P.S. How does a user connect to his RedirectedFolder?   \\server\???????

0
 
LVL 3

Author Comment

by:tc6atim
ID: 36715799
For sharing it is set to "everyone" with full control for both the redirectedfolders and shares, share.

The small business server is server\\ but the profile home directories are pointed to the "app" server, so: \\app\shares\test3
0
 
LVL 5

Expert Comment

by:peter197911
ID: 36715905
I guess you misread my last question.

How does a user connect to a folder in     e:\Users\RedirectedFolders\%username%

Can you check the share permissions for the folder
   e:\Users\RestrictedUsers\test3

I have the feeling that both folders are not protected/private.

Browse to   \\app\shares    and browse to  \\app\RedirectedFolders

In both cases you can see all usernames and also browse in them (I expect).
0
 
LVL 3

Author Comment

by:tc6atim
ID: 36715955
Ah, the redirected folders is done through group policy.

There are no share permissions for the "test3" folder since it is not directly shared. It is a sub folder of shares or redirectedprofiles, shares. These two shares are set to everyone with full control under the permissions tab.

I have the feeling that both folders are not protected/private.

browse to   \\app\shares    and browse to  \\app\RedirectedFolders

In both cases you can see all usernames and also browse in it (i expect)

- Yes, you can see all usernames under both redirected and under shares... Redirected you can go into a users folder and see the default folders such as documents and desktop, but cannot access them... Under Shares, it is just a free for all.
0
 
LVL 5

Accepted Solution

by:
peter197911 earned 500 total points
ID: 36716006
OK, this explains a lot.
All files/system files that are created in the RedirectFolder will have the correct rights (done by Windows).
Just open the properties of a file in   RedirectFolders\test3\file.txt
At least the Users group is not assigned to the security of these files (the Users group makes it all viewable).

How to fix this on the Shares folder is the question.
For a test, remove the group Users on your Shares\Test3 folder from the security settings.
This will make it a private folder for Test3 (and administrator).
Probably the security things are inherited (but you can make an exception just for test purposes) from the security settings on the folder e:\User\Shares, or worse, from E:\ or e:\User.

If this solves the problem, your solution is to remove the APP\Users group from at least e:\User\Shares.

Personally I will try to remove it from even higher (it just depends on what level the group APP\Users has permissions), but you have to be careful with the permissions on folders other than Shares.

I hope you understand what to do...
0
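
A report-then-fix pass over the per-user folders, as an added example that is not part of the thread: it lists every Allow entry on each Shares\<username> folder that belongs to neither that user nor an admin principal (such as the inherited Users entry the accepted answer points at), and with $Fix set to $true replaces the folder's ACL with explicit entries only. The APP domain name, the trusted list, the E:\Users\Shares path and the folder-name-equals-account-name mapping are assumptions taken from the discussion.

```powershell
# Added example, not from the thread. All values below are assumptions; adjust before use.
$Root    = 'E:\Users\Shares'   # parent folder holding one subfolder per user
$Domain  = 'APP'               # assumed domain/NetBIOS name for the user accounts
$Trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', "$Domain\Domain Admins"
$Fix     = $false              # $false = report only, $true = rewrite the ACLs

# Works on PowerShell 2.0 (Server 2008): Get-ChildItem has no -Directory switch there
$folders = Get-ChildItem -Path $Root | Where-Object { $_.PSIsContainer }

foreach ($f in $folders) {
    $owner = "$Domain\$($f.Name)"   # folder name is the user name
    $acl   = Get-Acl -Path $f.FullName

    # Allow entries for anyone other than the folder's user or a trusted principal.
    # -notcontains and -ne compare case-insensitively.
    $extra = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $Trusted -notcontains $_.IdentityReference.Value -and
        $_.IdentityReference.Value -ne $owner
    }
    foreach ($ace in $extra) {
        New-Object PSObject -Property @{
            Folder    = $f.Name
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited   # True = comes from Shares or higher up
        }
    }

    if ($Fix -and $extra) {
        # Build a fresh ACL that blocks inheritance and discards inherited entries,
        # then grant: user = Modify, SYSTEM and admins = Full Control.
        $new = New-Object System.Security.AccessControl.DirectorySecurity
        $new.SetAccessRuleProtection($true, $false)
        $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
        $prop    = [System.Security.AccessControl.PropagationFlags]::None
        $grants  = @{ $owner = 'Modify' }
        foreach ($t in $Trusted) { $grants[$t] = 'FullControl' }
        foreach ($id in $grants.Keys) {
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $id, $grants[$id], $inherit, $prop, 'Allow')
            $new.AddAccessRule($rule)   # throws if the account name does not resolve
        }
        # DirectoryInfo.SetAccessControl (.NET Framework) writes only the access rules
        $f.SetAccessControl($new)
    }
}
```

Run it first with $Fix left at $false: an Inherited value of True in the report means the entry has to be removed at the parent or blocked on the subfolder, which is the distinction the accepted answer draws.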
 
LVL 3

Author Comment

by:tc6atim
ID: 36900495
I tried the above to no avail... I ended up removing administrators from having access to the shares and now they are private. I cannot figure out why this would matter, but if the shares allow the administrators group to have access, then everyone can see everyone's folders...
0
 
LVL 3

Author Closing Comment

by:tc6atim
ID: 36908659
Attributed to the final solution, there were more issues than one, but this helped get things on the right track.
0
