Solved

"USER SHARED FOLDERS" which rights/permissions?

Posted on 2012-03-29
11
563 Views
Last Modified: 2012-04-03
I am experiencing an annoying problem with a Microsoft Server 2008R2.

I have restored user data on this from a hard copy on a USB harddrive.

On the server I have a physical path "D:\USER SHARED FOLDERS\<usernames>
This is shared as "users"

Every user is configured to connect drive H: to \\SERVER\USERS\%username%

So far, so good - but if I browse the server (\\server) from client computers I am able to access all users private folders which is NOT great at all! :-(

I know this happens when you just copy data from external sources to local hard drive and share it BUT I can't figure out how and which Share Permissions and security rights must be configured.

PLEASE don't just post links to Microsoft documents but tell me how this supposed to be configured :-)

Best

Ohm :-)
0
Comment
Question by:Ohmit
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 1

Expert Comment

by:Norautron
ID: 37781242
Hi!
We share the user folders hidden \\filesvr\users\jabvab$
Persmissions for the user is full access
Domain admin FULL
domain\Administrators FULL

Is it something like this you are looking for?
0
 
LVL 1

Expert Comment

by:Norautron
ID: 37781246
You have to apply permissions to child subfolders..
0
 
LVL 21

Assisted Solution

by:motnahp00
motnahp00 earned 250 total points
ID: 37781274
For the share permissions, I have my folder set to Everyone with Full Control. I let Active Directory create the user folder on the share. I specified the home folder as Connect to H: \\FS\users$\%username%.

It creates the folder on next logon with the appropriate NTFS permissions for just the user to include SYSTEM and Administrators.

I hope this helps.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:Ohmit
ID: 37781296
I have shared the folder "D:\USER SHARED FOLDERS" as "users" with share permission FULL CONTROL granted to DOMAIN USERS which I find better that EVERYONE.

I need to know EXACTLY which rights/permissions to assign to both USERS share and the users subfolders within.

I know that Windows normally take care of this if you use the "Connect to H:..." but I hasn't.
0
 
LVL 21

Assisted Solution

by:motnahp00
motnahp00 earned 250 total points
ID: 37781343
Share Permissions -> Everyone (Full)

Top Level Folder NTFS Permissions -> SYSTEM (Full), Myself (Full), Administrators (Full)

Individual Folder NTFS Permissions -> System (Full), Myself (Full), the individual (Full), Administrators (Full)
0
 
LVL 7

Assisted Solution

by:withtu
withtu earned 125 total points
ID: 37781345
@Ohmit, I assume that you don't want users to see other's share folder in your server, is that correct?
By default, the permission was controlled by the server, and user can only see her/his shared folder once, and not able to see the folder. If you restore the whole folder back, the permission will be changed. This feature is similar with redirected folders, and follow actions will be placed by default:

1.Gives ownership of the folder to the user.
2.Sets the following ACLs on the folder:
User: Full Control
Local System: Full Control
3.Prevents inheritance of ACLs from the parent folder.

So, in order to restore the permission, you need to set each folder one-by-one, and there is no tool that can automatically do it as far as I can tell.
0
 
LVL 5

Expert Comment

by:9660kel
ID: 37786256
Withtu is correct, that is mostly how the permissions are set by default.  You can bypass the security, but when you copy the files to a new location, the permissions are lost.

The only way to avoid the permissions problem when copying this type of directory, is to use a backup task, or a file copy program that can preserve the permissions attributes.
0
 

Author Comment

by:Ohmit
ID: 37786529
@WITTHU :-)
I don't need a tool but an explanation on which rights and permission I need to set.

I need avery user to access their home folder located under USERS but thay must not see other users file when just browsing \\SERVER\USERS

I REALLY appreciate your input :-)
0
 
LVL 5

Accepted Solution

by:
9660kel earned 125 total points
ID: 37787111
User by user, right click on the folder, select sharing and security.

At the bottom of the security tab, select advanced

Go to the user rights assignment tab and Clear the check box for allowing the folder to inherit permissions from the parent, when it prompts, click on copy permissions. (we'll clean it up soon, but you still need access for the moment) Click the check box to propagate the permissions to the child objects.

Now click on the ownership tab, and set the owner of the folder to the user.

Click okay at the bottom, and in the standard security tab, remove any users that don't need to be there, and click okay.

That should do it.
0
 

Author Comment

by:Ohmit
ID: 37799811
Thank you all for your input.
I REALLY appreciate it!
I will be with the customer today Tuesday, and will do some testing :-)
Hope I can close this Q later today :-)
0
 

Author Comment

by:Ohmit
ID: 37800099
Honored colleagues

The problem has been solved and case is closed.

To make this possible the following steps was performed:

D:\USER SHARED FOLDERS  shared as USERS.
Share permissions : domain users - Full access
Security : domain users - full control

Securtity rights set on individual user USERS\%username%

Security
  Advanced
    Change Permissions

- Uncheck "Include inheritable permissions....."
- Remove
- Add only user + administrators group  allowing full control
- ok

Thats it :-)
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question