Solved

domain user permission folder issue

Posted on 2013-05-21
3
284 Views
Last Modified: 2013-05-27
We have windows 2008 server SP1, where we have created Profile path of domain users in such a manners that top level users (Mgmt) can access the folders of their subordinates.
 
Due to some Problem Now a days the child folder not inheriting permissions of their Parent which resulting lot of problems. There are around 100 Domain User profile & each having hundreds of Files & folders.
 
Even the user itself is not getting access to their own files from profile folders
 
Can anyone suggest how to resolve the issue or implement some alternate method?

any tools software article available
0
Comment
Question by:tmsa12
3 Comments
 

Author Comment

by:tmsa12
ID: 39184022
there are some folder which administrator local, domain admin and user all has no permission, we move from olddomain.com to newdomain.com and we do not touch permission. now we have a folder username which has this issue.

it say below message raises

you do not have permission to view or edit object's permission settings

an error occured while applying security informatio to

access is denied
0
 
LVL 11

Expert Comment

by:Pradeep Dubey
ID: 39184117
To check the permissions use the below tool and findout permissions given to that folder.
http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx

below steps will be helpful.

To resolve this issue, enable the Bypass Traverse Checking user right. To do so, follow these steps.

Warning If the Bypass Traverse Checking user right is enabled, users can traverse folders even if they do not have permissions to the traversed folders. This right does not allow users to list the contents of the folders. Bypass Traverse Checking is an advanced user right.
On the computer on which the inaccessible share is located, start Windows Explorer.
Open, and then right-click the shared resource's parent folder that is located directly in the root of the drive, and then click Properties. For example, if you have the following folder structure: C:\Multimedia\Music\Baroque, where the Baroque folder is the shared resource, click the Multimedia folder.
Click the Security tab, and then click Advanced.
Click to select the Reset permissions on all Child objects and enable propagation of inheritable permissions check box.
Under Permission Entries, click the user or the group which experiences the issue that is listed in the Symptoms section of this article, and then click View/Edit.
Click to select the check box that is located in the Allow column, to the right of the Traverse Folder / Execute File option. If the check box that is in the Deny column is selected, click to clear it.
Click OK three times.

http://support.microsoft.com/kb/277644
0
 
LVL 1

Accepted Solution

by:
Cashpanda earned 500 total points
ID: 39184188
Strip all permissions in the shared folders with an attrib command as the admin from the server, and then rebuild the permissions for folder access policy via logon script with permissions assigned by detailed group membership in active directory. 100 users isn't too bad if you HAD to assign these permissions manually, but a script would really automate the process.

[http://technet.microsoft.com/en-us/library/cc758918(v=ws.10).aspx]

I would assign the users as full controllers for their own directories and add the management users to a group with full control over the shares of their employees. Break your users into intelligent group memberships so that no one is left out.

That's how I would do it at least. Hope this helps.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question