Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

domain user permission folder issue

Posted on 2013-05-21
3
Medium Priority
?
292 Views
Last Modified: 2013-05-27
We have windows 2008 server SP1, where we have created Profile path of domain users in such a manners that top level users (Mgmt) can access the folders of their subordinates.
 
Due to some Problem Now a days the child folder not inheriting permissions of their Parent which resulting lot of problems. There are around 100 Domain User profile & each having hundreds of Files & folders.
 
Even the user itself is not getting access to their own files from profile folders
 
Can anyone suggest how to resolve the issue or implement some alternate method?

any tools software article available
0
Comment
Question by:tmsa12
3 Comments
 

Author Comment

by:tmsa12
ID: 39184022
there are some folder which administrator local, domain admin and user all has no permission, we move from olddomain.com to newdomain.com and we do not touch permission. now we have a folder username which has this issue.

it say below message raises

you do not have permission to view or edit object's permission settings

an error occured while applying security informatio to

access is denied
0
 
LVL 11

Expert Comment

by:Pradeep Dubey
ID: 39184117
To check the permissions use the below tool and findout permissions given to that folder.
http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx

below steps will be helpful.

To resolve this issue, enable the Bypass Traverse Checking user right. To do so, follow these steps.

Warning If the Bypass Traverse Checking user right is enabled, users can traverse folders even if they do not have permissions to the traversed folders. This right does not allow users to list the contents of the folders. Bypass Traverse Checking is an advanced user right.
On the computer on which the inaccessible share is located, start Windows Explorer.
Open, and then right-click the shared resource's parent folder that is located directly in the root of the drive, and then click Properties. For example, if you have the following folder structure: C:\Multimedia\Music\Baroque, where the Baroque folder is the shared resource, click the Multimedia folder.
Click the Security tab, and then click Advanced.
Click to select the Reset permissions on all Child objects and enable propagation of inheritable permissions check box.
Under Permission Entries, click the user or the group which experiences the issue that is listed in the Symptoms section of this article, and then click View/Edit.
Click to select the check box that is located in the Allow column, to the right of the Traverse Folder / Execute File option. If the check box that is in the Deny column is selected, click to clear it.
Click OK three times.

http://support.microsoft.com/kb/277644
0
 
LVL 1

Accepted Solution

by:
Cashpanda earned 1000 total points
ID: 39184188
Strip all permissions in the shared folders with an attrib command as the admin from the server, and then rebuild the permissions for folder access policy via logon script with permissions assigned by detailed group membership in active directory. 100 users isn't too bad if you HAD to assign these permissions manually, but a script would really automate the process.

[http://technet.microsoft.com/en-us/library/cc758918(v=ws.10).aspx]

I would assign the users as full controllers for their own directories and add the management users to a group with full control over the shares of their employees. Break your users into intelligent group memberships so that no one is left out.

That's how I would do it at least. Hope this helps.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question