tc6atim
Windows Server 2008 Permissions
I have a folder share available on the network that has subfolders for each username on the network. This needs to be used as a private drop box for each user, so no one should be able to access another user's folder, only see that it is there.
How do I set up the permissions so that I do not have to go to each individual folder to allow/deny access?
Thank you.
This sounds like a $HOME folder.
When you create a new user, or change the $home folder for an existing user, this folder will be created automatically with the correct permissions.
(active directory user + computers) --> edit user --> tab profile
You can select multiple users and use \\server\Users\%username% to get private folders for all users
I forgot to mention: share the Users folder for Domain Users, but don't give them ACL permissions on the d:\Users folder itself.
ASKER
peter197911: You are correct and this was working correctly at some point in time, something happened and I am trying to fix it.
If you go to the profiles section> Home Folder> it is set to > Connect: Z: to \\app\shares\username
Shares on app is located under the "Users" folder which contains "RedirectedFolders" and "Shares" as seen above.
Only the "RedirectedFolders" and "Shares" are shared under the parent folder "Users"
To make the story clear!
You have a d:\Users\Shares and d:\Users\RedirectFolders
And all %username% folders in Shares have lost their security settings (at least the settings where a folder becomes a private folder for a specific user)?
ASKER
This is correct.
For Example:
User: test3 cannot access any data under redirected folders for users test2 or folders specific to a particular user other than test3's redirected folders.
We should see the same behavior for the "Shares" folder; however, this is not the case: user test3, or any user for that matter, can access any other user's folder under the "Shares" share.
So it appears redirectedfolders under the parent "Users" folder is working properly, but the "Shares" folder under the "Users" folder is not.
This behavior is the same when creating a new user as well.
What are the security permissions on the folders (ACL)
d:\Users\RedirectFolders
d:\Users\RedirectFolders\testuser1
d:\Users\Shares
d:\Users\Shares\testuser1
And did you already compare the Share permissions on Shares and Redirect?
ASKER
OK, you showed me the ACL (Access control list) for the 4 folders.
I'm not sure how test3 in RedirectedFolders has a private folder but ok.
Go to properties of d:\User\Shares again .. and open the TAB Sharing.
There are permissions assigned also (share permissions -> remember windows98?)
Compare these share permissions also.
And if managing Domains is your daily job, please read this website, where the difference between Shared Folders permissions and NTFS permissions is explained.
http://www.techexams.net/technotes/70290/permissions.shtml
P.S. How does a user connect to his RedirectedFolder \\server\???????
ASKER
For sharing it is set to "everyone" with full control for both the redirectedfolders and shares, share.
The small business server is server\\ but the profile home directories are pointed to the "app" server, so: \\app\shares\test3
I guess you misread my last question.
How does a user connect to a folder in e:\Users\RedirectedFolders\%username%
Can you check out the Share permissions for the folder
e:\Users\RestrictedUsers\test3
I have the feeling that both folders are not protected/private.
Browse to \\app\shares and browse to \\app\RedirectedFolders
In both cases you can see all usernames and also browse in it (I expect)
ASKER
Ah, the redirected folders is done through group policy.
There are no share permissions for the "test3" folder since it is not directly shared. It is a sub folder of shares or redirectedprofiles, shares. These two shares are set to everyone with full control under the permissions tab.
I have the feeling that both folders are not protected/private.
browse to \\app\shares and browse to \\app\RedirectedFolders
In both cases you can see all usernames and also browse in it (i expect)
- Yes, you can see all usernames under both redirected and under shares... Redirected you can go into a users folder and see the default folders such as documents and desktop, but cannot access them... Under Shares, it is just a free for all.
ASKER CERTIFIED SOLUTION
ASKER
I tried the above to no avail... I ended up removing administrators from having access to the shares and now they are private. I cannot figure out why this would matter, but if the shares allow the administrators group to have access then everyone can see everyone's folders...
ASKER
Attributed to the final solution, there were more issues than one, but this helped get things on the right track.
dir /b <Drive>:\<SharedFolder> >c:\folders.txt
and now use
for /f %i in (c:\folders.txt) do cacls <Drive>:\<SharedFolder>\%i /T /C /G %i:C "Domain Admins":F
From now on, the user will have Modify rights to the home folder and Domain Admins will have Full Control
Regards,
Krzysztof
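A read-only audit of the layout discussed in this thread, added here as an example and not taken from any of the posts: it lists every Allow ACE on each per-user folder that belongs to someone other than the folder's own user, which shows whether the access comes from an inherited entry. The root path default, the placeholder domain name CONTOSO, the expected-principal list and the function name Get-UnexpectedAce are assumptions.

```powershell
# Added example (not from the thread): report ACEs on per-user folders that
# grant access to anyone other than the user the folder is named after.
# $Root and $Domain are assumed values; CONTOSO is a placeholder domain.
param(
    [string]$Root   = 'D:\Users\Shares',
    [string]$Domain = 'CONTOSO'
)

# Principals expected on every user folder. The user + Domain Admins pair
# mirrors the cacls command above; SYSTEM is an assumption of this example.
$Expected = @('NT AUTHORITY\SYSTEM', "$Domain\Domain Admins")

function Get-UnexpectedAce {
    param([string]$FolderPath, [string]$UserName,
          [string[]]$Expected, [string]$Domain)
    $acl = Get-Acl -Path $FolderPath
    foreach ($ace in $acl.Access) {
        # Deny entries never widen access, so only Allow entries are checked.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $id = $ace.IdentityReference.Value
        if ($id -eq "$Domain\$UserName") { continue }   # the folder's own user
        if ($Expected -contains $id)      { continue }   # expected principal
        # Anything left (Everyone, Users, Administrators, other accounts)
        # is reported together with whether it was inherited from the parent.
        New-Object PSObject -Property @{
            Folder    = $FolderPath
            Identity  = $id
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# PSIsContainer is used instead of -Directory so this also runs on the
# PowerShell 2.0 available for Windows Server 2008.
Get-ChildItem -Path $Root | Where-Object { $_.PSIsContainer } | ForEach-Object {
    Get-UnexpectedAce -FolderPath $_.FullName -UserName $_.Name `
                      -Expected $Expected -Domain $Domain
} | Format-Table Folder, Identity, Rights, Inherited -AutoSize
```

Rows with Inherited set to True point at the parent folder's ACL rather than at the individual user folder.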