[Webinar] Learn how to a build a cloud-first strategyRegister Now


Home Directory Permissions Changed

Posted on 2012-09-13
Medium Priority
Last Modified: 2012-10-31
We have restarted the Windows 2008 Storage based NAS we have last night and one of the folders with personal files in has had the everyone group added with permissions to read/write/etc.

The top level folder obviously has this right so people can see the top level folder, while only the user and the administrator have rights to the individual folders.

So now, the everyone group has been added with the same rights to each private folder.  We now have to manually go through and remove this right as doing at the top level and inheriting down the tree means the individual's rights are then removed.

Any ideas what could have caused this?
Question by:CaringIT
LVL 24

Expert Comment

ID: 38397298
Sounds like someone did something they were not supposed to.
Are there any other admins that have rights to change NTFS permission?
This does not just happen automatically.

Accepted Solution

Kernel_Recovery_Tools earned 2000 total points
ID: 38398507

Talking about groups, Everyone group is actually part of the Active Directory on a server that Exchange connects to. As Everyone group contains the Guest account, and several other Built-in security identifiers like LOCAL_SERVICE, NETWORK_SERVICE, etc. it is generally considered the least secure.

When you grant the read or write permission to the Everyone group, all users and computer accounts, including domain controllers and anonymous users are able to enjoy that permission by default.

 If a user is part of the Everyone group and the Everyone group has administrator privileges, you can only restrict their rights, not their permissions. In this case, if the user is part of the Everyone group, they will have full (administrator) permissions. To avoid this situation, make another user or group an administrator and remove the administrator setting from the Everyone group. Then only the user or group specified will have full permissions and rights and Everyone else will have no permissions and Viewer rights, unless otherwise specified.

Hope this information may help you.

Kernel Recovery Tools

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question