ConDynInc
asked on
2008 My Documents Folder Redirect Share/NTFS permissions
I have my user's My Docs redirected to a network drive located on the domain server.
Currently, all users can access their My Docs on the network. The problem is they can also access everyone elses My Docs as well. I would like prevent users from accessing other people's files but still have access to theirs.
Currently the permissions are:
Share:
Administrator R/W
Adminstrators Owner
NTFS: (Advanced Security Settings)
CREATER OWNER -- Special -- Subfolder and files only -- Full Control (inherited from root)
SYSTEM -- Full control -- This folder, subfolders and files -- Full Control (inherited from root)
Administrators -- Special -- This folder only -- Full Control <not inherited>
Administrators -- Full control -- This folder, subfolder and files -- Full control (inherited from root)
Users -- Modify -- This folder, subfolder and files -- Modify (inherited from Users directory)
The Users directory is where everyone's My docs are redirected.
Just to be clear, I did not set this up, but I would like to clean it up.
Currently, all users can access their My Docs on the network. The problem is they can also access everyone elses My Docs as well. I would like prevent users from accessing other people's files but still have access to theirs.
Currently the permissions are:
Share:
Administrator R/W
Adminstrators Owner
NTFS: (Advanced Security Settings)
CREATER OWNER -- Special -- Subfolder and files only -- Full Control (inherited from root)
SYSTEM -- Full control -- This folder, subfolders and files -- Full Control (inherited from root)
Administrators -- Special -- This folder only -- Full Control <not inherited>
Administrators -- Full control -- This folder, subfolder and files -- Full control (inherited from root)
Users -- Modify -- This folder, subfolder and files -- Modify (inherited from Users directory)
The Users directory is where everyone's My docs are redirected.
Just to be clear, I did not set this up, but I would like to clean it up.
Make the user modify on their own folder and take users off.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you. I'm going to try that.
ASKER
I tested the new settings on a single user folder under \\Users and it looks like it works.
Questions:
What do the letters in the parenthesis mean? I thought I understood, but now I'm not so sure.
subfolder permissions
This is for the administrators subfolder. This is what I should have in the window under the Security tab, correct?
[folder admin]
WINDOWS8TIPS\admin:(OI)(CI )(F)
BUILTIN\Administrators:(I) (OI)(CI)(F )
WINDOWS8TIPS\Domain Admins:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(C I)(F)
WINDOWS8TIPS\admin:(I)(F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
What user would THIS be for?
[folder dtrump]
WINDOWS8TIPS\admin:(OI)(CI )(F)
WINDOWS8TIPS\Enterprise Admins:(OI)(CI)(F)
WINDOWS8TIPS\dtrump:(I)(F)
These permissions would be what I should see in the window under the Security tab for each the subfolders under \\Users, correct?
[folder David Johnson]
BUILTIN\Administrators:(I) (OI)(CI)(F )
WINDOWS8TIPS\Domain Admins:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(C I)(F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
WINDOWS8TIPS\David Johnson:(I)(F)
[folder mskinner]
BUILTIN\Administrators:(I) (OI)(CI)(F )
WINDOWS8TIPS\Domain Admins:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(C I)(F)
WINDOWS8TIPS\mskinner:(I)( F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
Questions:
What do the letters in the parenthesis mean? I thought I understood, but now I'm not so sure.
subfolder permissions
This is for the administrators subfolder. This is what I should have in the window under the Security tab, correct?
[folder admin]
WINDOWS8TIPS\admin:(OI)(CI
BUILTIN\Administrators:(I)
WINDOWS8TIPS\Domain Admins:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(C
WINDOWS8TIPS\admin:(I)(F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
What user would THIS be for?
[folder dtrump]
WINDOWS8TIPS\admin:(OI)(CI
WINDOWS8TIPS\Enterprise Admins:(OI)(CI)(F)
WINDOWS8TIPS\dtrump:(I)(F)
These permissions would be what I should see in the window under the Security tab for each the subfolders under \\Users, correct?
[folder David Johnson]
BUILTIN\Administrators:(I)
WINDOWS8TIPS\Domain Admins:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(C
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
WINDOWS8TIPS\David Johnson:(I)(F)
[folder mskinner]
BUILTIN\Administrators:(I)
WINDOWS8TIPS\Domain Admins:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(C
WINDOWS8TIPS\mskinner:(I)(
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
users - system - Full (all checked), same with domain admins and administrators)
users/admin
allow admin full control not inherited this folder sudirs and files
allow admin special this folder only
allow creator owner special this folder
allow system FULL control this folder subfolders and files
allow administrators FULL control this folder subfolders and files
allow domain admins FULL control this folder subfolders and files
users/admin
allow admin full control not inherited this folder sudirs and files
allow admin special this folder only
allow creator owner special this folder
allow system FULL control this folder subfolders and files
allow administrators FULL control this folder subfolders and files
allow domain admins FULL control this folder subfolders and files
ASKER
A little more explanation would have been nice, but for the most part, I got what I needed out of the solution.
Thank you for your advice!!
Thank you for your advice!!