Solved

"USER SHARED FOLDERS" which rights/permissions?

Posted on 2012-03-29
11
562 Views
Last Modified: 2012-04-03
I am experiencing an annoying problem with a Microsoft Server 2008R2.

I have restored user data on this from a hard copy on a USB harddrive.

On the server I have a physical path "D:\USER SHARED FOLDERS\<usernames>
This is shared as "users"

Every user is configured to connect drive H: to \\SERVER\USERS\%username%

So far, so good - but if I browse the server (\\server) from client computers I am able to access all users private folders which is NOT great at all! :-(

I know this happens when you just copy data from external sources to local hard drive and share it BUT I can't figure out how and which Share Permissions and security rights must be configured.

PLEASE don't just post links to Microsoft documents but tell me how this supposed to be configured :-)

Best

Ohm :-)
0
Comment
Question by:Ohmit
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 1

Expert Comment

by:Norautron
ID: 37781242
Hi!
We share the user folders hidden \\filesvr\users\jabvab$
Persmissions for the user is full access
Domain admin FULL
domain\Administrators FULL

Is it something like this you are looking for?
0
 
LVL 1

Expert Comment

by:Norautron
ID: 37781246
You have to apply permissions to child subfolders..
0
 
LVL 21

Assisted Solution

by:motnahp00
motnahp00 earned 250 total points
ID: 37781274
For the share permissions, I have my folder set to Everyone with Full Control. I let Active Directory create the user folder on the share. I specified the home folder as Connect to H: \\FS\users$\%username%.

It creates the folder on next logon with the appropriate NTFS permissions for just the user to include SYSTEM and Administrators.

I hope this helps.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:Ohmit
ID: 37781296
I have shared the folder "D:\USER SHARED FOLDERS" as "users" with share permission FULL CONTROL granted to DOMAIN USERS which I find better that EVERYONE.

I need to know EXACTLY which rights/permissions to assign to both USERS share and the users subfolders within.

I know that Windows normally take care of this if you use the "Connect to H:..." but I hasn't.
0
 
LVL 21

Assisted Solution

by:motnahp00
motnahp00 earned 250 total points
ID: 37781343
Share Permissions -> Everyone (Full)

Top Level Folder NTFS Permissions -> SYSTEM (Full), Myself (Full), Administrators (Full)

Individual Folder NTFS Permissions -> System (Full), Myself (Full), the individual (Full), Administrators (Full)
0
 
LVL 7

Assisted Solution

by:withtu
withtu earned 125 total points
ID: 37781345
@Ohmit, I assume that you don't want users to see other's share folder in your server, is that correct?
By default, the permission was controlled by the server, and user can only see her/his shared folder once, and not able to see the folder. If you restore the whole folder back, the permission will be changed. This feature is similar with redirected folders, and follow actions will be placed by default:

1.Gives ownership of the folder to the user.
2.Sets the following ACLs on the folder:
User: Full Control
Local System: Full Control
3.Prevents inheritance of ACLs from the parent folder.

So, in order to restore the permission, you need to set each folder one-by-one, and there is no tool that can automatically do it as far as I can tell.
0
 
LVL 5

Expert Comment

by:9660kel
ID: 37786256
Withtu is correct, that is mostly how the permissions are set by default.  You can bypass the security, but when you copy the files to a new location, the permissions are lost.

The only way to avoid the permissions problem when copying this type of directory, is to use a backup task, or a file copy program that can preserve the permissions attributes.
0
 

Author Comment

by:Ohmit
ID: 37786529
@WITTHU :-)
I don't need a tool but an explanation on which rights and permission I need to set.

I need avery user to access their home folder located under USERS but thay must not see other users file when just browsing \\SERVER\USERS

I REALLY appreciate your input :-)
0
 
LVL 5

Accepted Solution

by:
9660kel earned 125 total points
ID: 37787111
User by user, right click on the folder, select sharing and security.

At the bottom of the security tab, select advanced

Go to the user rights assignment tab and Clear the check box for allowing the folder to inherit permissions from the parent, when it prompts, click on copy permissions. (we'll clean it up soon, but you still need access for the moment) Click the check box to propagate the permissions to the child objects.

Now click on the ownership tab, and set the owner of the folder to the user.

Click okay at the bottom, and in the standard security tab, remove any users that don't need to be there, and click okay.

That should do it.
0
 

Author Comment

by:Ohmit
ID: 37799811
Thank you all for your input.
I REALLY appreciate it!
I will be with the customer today Tuesday, and will do some testing :-)
Hope I can close this Q later today :-)
0
 

Author Comment

by:Ohmit
ID: 37800099
Honored colleagues

The problem has been solved and case is closed.

To make this possible the following steps was performed:

D:\USER SHARED FOLDERS  shared as USERS.
Share permissions : domain users - Full access
Security : domain users - full control

Securtity rights set on individual user USERS\%username%

Security
  Advanced
    Change Permissions

- Uncheck "Include inheritable permissions....."
- Remove
- Add only user + administrators group  allowing full control
- ok

Thats it :-)
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
aws pricing 2 46
how to export this list 4 41
2 domains controllers running separate domains on same network. 4 28
ticket bloat 3 31
OfficeMate Freezes on login or does not load after login credentials are input.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question