Solved

"USER SHARED FOLDERS" which rights/permissions?

Posted on 2012-03-29
Last Modified: 2012-04-03
I am experiencing an annoying problem with a Microsoft Server 2008R2.

I have restored user data on this from a hard copy on a USB harddrive.

On the server I have a physical path "D:\USER SHARED FOLDERS\<usernames>"
This is shared as "users"

Every user is configured to connect drive H: to \\SERVER\USERS\%username%

So far, so good - but if I browse the server (\\server) from client computers I am able to access all users' private folders, which is NOT great at all! :-(

I know this happens when you just copy data from external sources to local hard drive and share it BUT I can't figure out how and which Share Permissions and security rights must be configured.

PLEASE don't just post links to Microsoft documents but tell me how this is supposed to be configured :-)

Best

Ohm :-)
Question by:Ohmit
11 Comments
 
LVL 1

Expert Comment

by:Norautron
ID: 37781242
Hi!
We share the user folders hidden \\filesvr\users\jabvab$
Permissions for the user are full access
Domain admin FULL
domain\Administrators FULL

Is it something like this you are looking for?
 
LVL 1

Expert Comment

by:Norautron
ID: 37781246
You have to apply permissions to child subfolders..
 
LVL 21

Assisted Solution

by:motnahp00
motnahp00 earned 250 total points
ID: 37781274
For the share permissions, I have my folder set to Everyone with Full Control. I let Active Directory create the user folder on the share. I specified the home folder as Connect to H: \\FS\users$\%username%.

It creates the folder on next logon with the appropriate NTFS permissions for just the user to include SYSTEM and Administrators.

I hope this helps.
 

Author Comment

by:Ohmit
ID: 37781296
I have shared the folder "D:\USER SHARED FOLDERS" as "users" with share permission FULL CONTROL granted to DOMAIN USERS, which I find better than EVERYONE.

I need to know EXACTLY which rights/permissions to assign to both the USERS share and the users' subfolders within.

I know that Windows normally takes care of this if you use the "Connect to H:..." but it hasn't.
 
LVL 21

Assisted Solution

by:motnahp00
motnahp00 earned 250 total points
ID: 37781343
Share Permissions -> Everyone (Full)

Top Level Folder NTFS Permissions -> SYSTEM (Full), Myself (Full), Administrators (Full)

Individual Folder NTFS Permissions -> System (Full), Myself (Full), the individual (Full), Administrators (Full)

 
LVL 7

Assisted Solution

by:withtu
withtu earned 125 total points
ID: 37781345
@Ohmit, I assume that you don't want users to see others' shared folders on your server, is that correct?
By default, the permission was controlled by the server, and a user can only see her/his shared folder once, and is not able to see the folder. If you restore the whole folder back, the permission will be changed. This feature is similar to redirected folders, and the following actions are applied by default:

1. Gives ownership of the folder to the user.
2. Sets the following ACLs on the folder:
   User: Full Control
   Local System: Full Control
3. Prevents inheritance of ACLs from the parent folder.

So, in order to restore the permission, you need to set each folder one-by-one, and there is no tool that can automatically do it as far as I can tell.
 
LVL 5

Expert Comment

by:9660kel
ID: 37786256
Withtu is correct, that is mostly how the permissions are set by default.  You can bypass the security, but when you copy the files to a new location, the permissions are lost.

The only way to avoid the permissions problem when copying this type of directory, is to use a backup task, or a file copy program that can preserve the permissions attributes.
 

Author Comment

by:Ohmit
ID: 37786529
@withtu :-)
I don't need a tool but an explanation of which rights and permissions I need to set.

I need every user to access their home folder located under USERS, but they must not see other users' files when just browsing \\SERVER\USERS

I REALLY appreciate your input :-)
 
LVL 5

Accepted Solution

by:9660kel
9660kel earned 125 total points
ID: 37787111
User by user, right click on the folder, select sharing and security.

At the bottom of the security tab, select advanced

Go to the user rights assignment tab and Clear the check box for allowing the folder to inherit permissions from the parent, when it prompts, click on copy permissions. (we'll clean it up soon, but you still need access for the moment) Click the check box to propagate the permissions to the child objects.

Now click on the ownership tab, and set the owner of the folder to the user.

Click okay at the bottom, and in the standard security tab, remove any users that don't need to be there, and click okay.

That should do it.
 

Author Comment

by:Ohmit
ID: 37799811
Thank you all for your input.
I REALLY appreciate it!
I will be with the customer today Tuesday, and will do some testing :-)
Hope I can close this Q later today :-)
 

Author Comment

by:Ohmit
ID: 37800099
Honored colleagues

The problem has been solved and case is closed.

To make this possible the following steps were performed:

D:\USER SHARED FOLDERS  shared as USERS.
Share permissions : domain users - Full access
Security : domain users - full control

Security rights set on individual user USERS\%username%

Security
  Advanced
    Change Permissions

- Uncheck "Include inheritable permissions....."
- Remove
- Add only user + administrators group  allowing full control
- ok

That's it :-)
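
The per-folder steps in the post above (disable inheritance, remove the existing entries, add only the user and the Administrators group with full control) can be scripted. This is an added example, not part of the thread; it assumes each folder name equals the user's logon name, uses DOMAIN as a placeholder domain name, and must be run elevated as an administrator. Without -Apply it only reports entries that give anyone else access.

```powershell
# Added example (not from the thread). Assumptions: folder name = logon name,
# 'DOMAIN' is a placeholder, English group names, elevated administrator session.
param(
    [string]$Root   = 'D:\USER SHARED FOLDERS',
    [string]$Domain = 'DOMAIN',
    [switch]$Apply                      # omit to audit only, nothing is changed
)

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

foreach ($dir in Get-ChildItem -LiteralPath $Root | Where-Object { $_.PSIsContainer }) {
    $user    = "$Domain\$($dir.Name)"
    $allowed = @($user, 'BUILTIN\Administrators')
    $acl     = Get-Acl -Path $dir.FullName

    # Audit: list every entry for an identity other than the owner user or Administrators
    foreach ($ace in $acl.Access) {
        if ($allowed -notcontains $ace.IdentityReference.Value) {
            '{0}: {1} has {2} (inherited={3})' -f $dir.Name, $ace.IdentityReference,
                $ace.FileSystemRights, $ace.IsInherited
        }
    }
    if (-not $Apply) { continue }

    # Do not lock a folder down for an account that does not exist
    try {
        $nt = New-Object System.Security.Principal.NTAccount($user)
        [void]$nt.Translate([System.Security.Principal.SecurityIdentifier])
    } catch {
        Write-Warning "No account $user; skipped $($dir.FullName)"
        continue
    }

    # Uncheck "Include inheritable permissions" and choose "Remove"
    $acl.SetAccessRuleProtection($true, $false)
    # Drop any explicit entries left over from the restore
    foreach ($ace in $acl.Access) { $acl.PurgeAccessRules($ace.IdentityReference) }
    # Add only the user and the Administrators group, full control, for this folder and below
    foreach ($id in $allowed) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, 'FullControl', $inherit, $prop, $allow)
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $dir.FullName -AclObject $acl
}
```

Running it again without -Apply after the change should print nothing for folders that were fixed.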