Solved

domain user permission folder issue

Posted on 2013-05-21
3
280 Views
Last Modified: 2013-05-27
We have windows 2008 server SP1, where we have created Profile path of domain users in such a manners that top level users (Mgmt) can access the folders of their subordinates.
 
Due to some Problem Now a days the child folder not inheriting permissions of their Parent which resulting lot of problems. There are around 100 Domain User profile & each having hundreds of Files & folders.
 
Even the user itself is not getting access to their own files from profile folders
 
Can anyone suggest how to resolve the issue or implement some alternate method?

any tools software article available
0
Comment
Question by:tmsa12
3 Comments
 

Author Comment

by:tmsa12
ID: 39184022
there are some folder which administrator local, domain admin and user all has no permission, we move from olddomain.com to newdomain.com and we do not touch permission. now we have a folder username which has this issue.

it say below message raises

you do not have permission to view or edit object's permission settings

an error occured while applying security informatio to

access is denied
0
 
LVL 11

Expert Comment

by:Pradeep Dubey
ID: 39184117
To check the permissions use the below tool and findout permissions given to that folder.
http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx

below steps will be helpful.

To resolve this issue, enable the Bypass Traverse Checking user right. To do so, follow these steps.

Warning If the Bypass Traverse Checking user right is enabled, users can traverse folders even if they do not have permissions to the traversed folders. This right does not allow users to list the contents of the folders. Bypass Traverse Checking is an advanced user right.
On the computer on which the inaccessible share is located, start Windows Explorer.
Open, and then right-click the shared resource's parent folder that is located directly in the root of the drive, and then click Properties. For example, if you have the following folder structure: C:\Multimedia\Music\Baroque, where the Baroque folder is the shared resource, click the Multimedia folder.
Click the Security tab, and then click Advanced.
Click to select the Reset permissions on all Child objects and enable propagation of inheritable permissions check box.
Under Permission Entries, click the user or the group which experiences the issue that is listed in the Symptoms section of this article, and then click View/Edit.
Click to select the check box that is located in the Allow column, to the right of the Traverse Folder / Execute File option. If the check box that is in the Deny column is selected, click to clear it.
Click OK three times.

http://support.microsoft.com/kb/277644
0
 
LVL 1

Accepted Solution

by:
Cashpanda earned 500 total points
ID: 39184188
Strip all permissions in the shared folders with an attrib command as the admin from the server, and then rebuild the permissions for folder access policy via logon script with permissions assigned by detailed group membership in active directory. 100 users isn't too bad if you HAD to assign these permissions manually, but a script would really automate the process.

[http://technet.microsoft.com/en-us/library/cc758918(v=ws.10).aspx]

I would assign the users as full controllers for their own directories and add the management users to a group with full control over the shares of their employees. Break your users into intelligent group memberships so that no one is left out.

That's how I would do it at least. Hope this helps.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now