"USER SHARED FOLDERS" which rights/permissions?

I am experiencing an annoying problem with a Microsoft Server 2008R2.

I have restored user data on this from a hard copy on a USB harddrive.

On the server I have a physical path "D:\USER SHARED FOLDERS\<usernames>
This is shared as "users"

Every user is configured to connect drive H: to \\SERVER\USERS\%username%

So far, so good - but if I browse the server (\\server) from client computers I am able to access all users private folders which is NOT great at all! :-(

I know this happens when you just copy data from external sources to local hard drive and share it BUT I can't figure out how and which Share Permissions and security rights must be configured.

PLEASE don't just post links to Microsoft documents but tell me how this supposed to be configured :-)


Ohm :-)
Who is Participating?
9660kelConnect With a Mentor Commented:
User by user, right click on the folder, select sharing and security.

At the bottom of the security tab, select advanced

Go to the user rights assignment tab and Clear the check box for allowing the folder to inherit permissions from the parent, when it prompts, click on copy permissions. (we'll clean it up soon, but you still need access for the moment) Click the check box to propagate the permissions to the child objects.

Now click on the ownership tab, and set the owner of the folder to the user.

Click okay at the bottom, and in the standard security tab, remove any users that don't need to be there, and click okay.

That should do it.
We share the user folders hidden \\filesvr\users\jabvab$
Persmissions for the user is full access
Domain admin FULL
domain\Administrators FULL

Is it something like this you are looking for?
You have to apply permissions to child subfolders..
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

motnahp00Connect With a Mentor Commented:
For the share permissions, I have my folder set to Everyone with Full Control. I let Active Directory create the user folder on the share. I specified the home folder as Connect to H: \\FS\users$\%username%.

It creates the folder on next logon with the appropriate NTFS permissions for just the user to include SYSTEM and Administrators.

I hope this helps.
OhmitAuthor Commented:
I have shared the folder "D:\USER SHARED FOLDERS" as "users" with share permission FULL CONTROL granted to DOMAIN USERS which I find better that EVERYONE.

I need to know EXACTLY which rights/permissions to assign to both USERS share and the users subfolders within.

I know that Windows normally take care of this if you use the "Connect to H:..." but I hasn't.
motnahp00Connect With a Mentor Commented:
Share Permissions -> Everyone (Full)

Top Level Folder NTFS Permissions -> SYSTEM (Full), Myself (Full), Administrators (Full)

Individual Folder NTFS Permissions -> System (Full), Myself (Full), the individual (Full), Administrators (Full)
withtuConnect With a Mentor Commented:
@Ohmit, I assume that you don't want users to see other's share folder in your server, is that correct?
By default, the permission was controlled by the server, and user can only see her/his shared folder once, and not able to see the folder. If you restore the whole folder back, the permission will be changed. This feature is similar with redirected folders, and follow actions will be placed by default:

1.Gives ownership of the folder to the user.
2.Sets the following ACLs on the folder:
User: Full Control
Local System: Full Control
3.Prevents inheritance of ACLs from the parent folder.

So, in order to restore the permission, you need to set each folder one-by-one, and there is no tool that can automatically do it as far as I can tell.
Withtu is correct, that is mostly how the permissions are set by default.  You can bypass the security, but when you copy the files to a new location, the permissions are lost.

The only way to avoid the permissions problem when copying this type of directory, is to use a backup task, or a file copy program that can preserve the permissions attributes.
OhmitAuthor Commented:
I don't need a tool but an explanation on which rights and permission I need to set.

I need avery user to access their home folder located under USERS but thay must not see other users file when just browsing \\SERVER\USERS

I REALLY appreciate your input :-)
OhmitAuthor Commented:
Thank you all for your input.
I REALLY appreciate it!
I will be with the customer today Tuesday, and will do some testing :-)
Hope I can close this Q later today :-)
OhmitAuthor Commented:
Honored colleagues

The problem has been solved and case is closed.

To make this possible the following steps was performed:

Share permissions : domain users - Full access
Security : domain users - full control

Securtity rights set on individual user USERS\%username%

    Change Permissions

- Uncheck "Include inheritable permissions....."
- Remove
- Add only user + administrators group  allowing full control
- ok

Thats it :-)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.