Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

2008 My Documents Folder Redirect Share/NTFS permissions

Posted on 2012-04-13
6
Medium Priority
?
453 Views
Last Modified: 2012-04-17
I have my user's  My Docs redirected to a network drive located on the domain server.
Currently, all users can access their My Docs on the network. The problem is they can also access everyone elses My Docs as well. I would like prevent users from accessing other people's files but still have access to theirs.
Currently the permissions are:

Share:
Administrator  R/W
Adminstrators  Owner

NTFS: (Advanced Security Settings)
CREATER OWNER -- Special -- Subfolder and files only -- Full Control (inherited from root)
SYSTEM -- Full control -- This folder, subfolders and files -- Full Control (inherited from root)
Administrators -- Special -- This folder only -- Full Control <not inherited>
Administrators -- Full control -- This folder, subfolder and files -- Full control (inherited from root)
Users -- Modify -- This folder, subfolder and files -- Modify (inherited from Users directory)

The Users directory is where everyone's My docs are redirected.

Just to be clear, I did not set this up, but I would like to clean it up.
0
Comment
Question by:ConDynInc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 4

Expert Comment

by:Red_Tech
ID: 37844898
Make the user modify on their own folder and take users off.
0
 
LVL 83

Accepted Solution

by:
David Johnson, CD, MVP earned 2000 total points
ID: 37844996
Here is a sample of settings that work

\\users

Working version
Type                 Name                               Permission        Inherited From               Apply To
Allow                CreatorOwner                Special               <not inherited>              Subfolders and Files Only
Allow               Authenticated Users       Special               <not inherited>              This Folder Only
Allow               SYSTEM                             Full Control        <not inherited>            This folder, subfolders and files
Allow              Administrators                  Full Control        <not inherited>             This folder, subfolders and files
Allow              Domain Admins                Full Control        <not inherited>             This folder, subfolders and files

Creator Owner (all checked allow)
Authenticated Users (list folder/create folders)

subfolder permissions
[folder admin]
WINDOWS8TIPS\admin:(OI)(CI)(F)
BUILTIN\Administrators:(I)(OI)(CI)(F)
WINDOWS8TIPS\Domain Admins:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
WINDOWS8TIPS\admin:(I)(F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)

[folder David Johnson]
BUILTIN\Administrators:(I)(OI)(CI)(F)
WINDOWS8TIPS\Domain Admins:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
WINDOWS8TIPS\David Johnson:(I)(F)

[folder dtrump]
WINDOWS8TIPS\admin:(OI)(CI)(F)
WINDOWS8TIPS\Enterprise Admins:(OI)(CI)(F)
WINDOWS8TIPS\dtrump:(I)(F)
         
[folder mskinner]
BUILTIN\Administrators:(I)(OI)(CI)(F)
WINDOWS8TIPS\Domain Admins:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
WINDOWS8TIPS\mskinner:(I)(F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
0
 

Author Comment

by:ConDynInc
ID: 37855491
Thank you. I'm going to try that.
0
Simplify Your Workload with One Tool

How do you combat today’s intelligent hacker while managing multiple domains and platforms? By simplifying your workload with one tool. With Lunarpages hosting through Plesk Onyx, you can:

Automate SSL generation and installation with two clicks
Experience total server control

 

Author Comment

by:ConDynInc
ID: 37856087
I tested the new settings on a single user folder under \\Users and it looks like it works.

Questions:
What do the letters in the parenthesis mean? I thought I understood, but now I'm not so sure.

subfolder permissions
This is for the administrators subfolder. This is what I should have in the window under the Security tab, correct?
[folder admin]  
WINDOWS8TIPS\admin:(OI)(CI)(F)
BUILTIN\Administrators:(I)(OI)(CI)(F)
WINDOWS8TIPS\Domain Admins:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
WINDOWS8TIPS\admin:(I)(F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)

What user would THIS be for?
[folder dtrump]
WINDOWS8TIPS\admin:(OI)(CI)(F)
WINDOWS8TIPS\Enterprise Admins:(OI)(CI)(F)
WINDOWS8TIPS\dtrump:(I)(F)
 
These permissions would be what I should see in the window under the Security tab for each the subfolders under \\Users, correct?
[folder David Johnson]
BUILTIN\Administrators:(I)(OI)(CI)(F)
WINDOWS8TIPS\Domain Admins:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
WINDOWS8TIPS\David Johnson:(I)(F)
       
[folder mskinner]
BUILTIN\Administrators:(I)(OI)(CI)(F)
WINDOWS8TIPS\Domain Admins:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
WINDOWS8TIPS\mskinner:(I)(F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 37858172
users - system - Full (all checked), same with domain admins and administrators)

users/admin
allow admin full control not inherited this folder sudirs and files
allow admin special this folder only
allow creator owner special this folder
allow system FULL control this folder subfolders and files
allow administrators FULL control this folder subfolders and files
allow domain admins FULL control this folder subfolders and files
0
 

Author Closing Comment

by:ConDynInc
ID: 37858689
A little more explanation would have been nice, but for the most part, I got what I needed out of the solution.
Thank you for your advice!!
0

Featured Post

Understanding Web Applications

Without even knowing it, most of us are using web applications on a daily basis. Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We often confuse these web applications tools for websites.  So, what is the difference?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question