Solved

"USER SHARED FOLDERS" which rights/permissions?

Posted on 2012-03-29
11
571 Views
Last Modified: 2012-04-03
I am experiencing an annoying problem with a Microsoft Server 2008R2.

I have restored user data on this from a hard copy on a USB harddrive.

On the server I have a physical path "D:\USER SHARED FOLDERS\<usernames>
This is shared as "users"

Every user is configured to connect drive H: to \\SERVER\USERS\%username%

So far, so good - but if I browse the server (\\server) from client computers I am able to access all users private folders which is NOT great at all! :-(

I know this happens when you just copy data from external sources to local hard drive and share it BUT I can't figure out how and which Share Permissions and security rights must be configured.

PLEASE don't just post links to Microsoft documents but tell me how this supposed to be configured :-)

Best

Ohm :-)
0
Comment
Question by:Ohmit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 1

Expert Comment

by:Norautron
ID: 37781242
Hi!
We share the user folders hidden \\filesvr\users\jabvab$
Persmissions for the user is full access
Domain admin FULL
domain\Administrators FULL

Is it something like this you are looking for?
0
 
LVL 1

Expert Comment

by:Norautron
ID: 37781246
You have to apply permissions to child subfolders..
0
 
LVL 21

Assisted Solution

by:motnahp00
motnahp00 earned 250 total points
ID: 37781274
For the share permissions, I have my folder set to Everyone with Full Control. I let Active Directory create the user folder on the share. I specified the home folder as Connect to H: \\FS\users$\%username%.

It creates the folder on next logon with the appropriate NTFS permissions for just the user to include SYSTEM and Administrators.

I hope this helps.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 

Author Comment

by:Ohmit
ID: 37781296
I have shared the folder "D:\USER SHARED FOLDERS" as "users" with share permission FULL CONTROL granted to DOMAIN USERS which I find better that EVERYONE.

I need to know EXACTLY which rights/permissions to assign to both USERS share and the users subfolders within.

I know that Windows normally take care of this if you use the "Connect to H:..." but I hasn't.
0
 
LVL 21

Assisted Solution

by:motnahp00
motnahp00 earned 250 total points
ID: 37781343
Share Permissions -> Everyone (Full)

Top Level Folder NTFS Permissions -> SYSTEM (Full), Myself (Full), Administrators (Full)

Individual Folder NTFS Permissions -> System (Full), Myself (Full), the individual (Full), Administrators (Full)
0
 
LVL 7

Assisted Solution

by:withtu
withtu earned 125 total points
ID: 37781345
@Ohmit, I assume that you don't want users to see other's share folder in your server, is that correct?
By default, the permission was controlled by the server, and user can only see her/his shared folder once, and not able to see the folder. If you restore the whole folder back, the permission will be changed. This feature is similar with redirected folders, and follow actions will be placed by default:

1.Gives ownership of the folder to the user.
2.Sets the following ACLs on the folder:
User: Full Control
Local System: Full Control
3.Prevents inheritance of ACLs from the parent folder.

So, in order to restore the permission, you need to set each folder one-by-one, and there is no tool that can automatically do it as far as I can tell.
0
 
LVL 5

Expert Comment

by:9660kel
ID: 37786256
Withtu is correct, that is mostly how the permissions are set by default.  You can bypass the security, but when you copy the files to a new location, the permissions are lost.

The only way to avoid the permissions problem when copying this type of directory, is to use a backup task, or a file copy program that can preserve the permissions attributes.
0
 

Author Comment

by:Ohmit
ID: 37786529
@WITTHU :-)
I don't need a tool but an explanation on which rights and permission I need to set.

I need avery user to access their home folder located under USERS but thay must not see other users file when just browsing \\SERVER\USERS

I REALLY appreciate your input :-)
0
 
LVL 5

Accepted Solution

by:
9660kel earned 125 total points
ID: 37787111
User by user, right click on the folder, select sharing and security.

At the bottom of the security tab, select advanced

Go to the user rights assignment tab and Clear the check box for allowing the folder to inherit permissions from the parent, when it prompts, click on copy permissions. (we'll clean it up soon, but you still need access for the moment) Click the check box to propagate the permissions to the child objects.

Now click on the ownership tab, and set the owner of the folder to the user.

Click okay at the bottom, and in the standard security tab, remove any users that don't need to be there, and click okay.

That should do it.
0
 

Author Comment

by:Ohmit
ID: 37799811
Thank you all for your input.
I REALLY appreciate it!
I will be with the customer today Tuesday, and will do some testing :-)
Hope I can close this Q later today :-)
0
 

Author Comment

by:Ohmit
ID: 37800099
Honored colleagues

The problem has been solved and case is closed.

To make this possible the following steps was performed:

D:\USER SHARED FOLDERS  shared as USERS.
Share permissions : domain users - Full access
Security : domain users - full control

Securtity rights set on individual user USERS\%username%

Security
  Advanced
    Change Permissions

- Uncheck "Include inheritable permissions....."
- Remove
- Add only user + administrators group  allowing full control
- ok

Thats it :-)
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question