Solved

Help with Windows Server 2003 file permissions

Posted on 2013-06-26
6
465 Views
Last Modified: 2013-07-03
This seems like a simple matter, but I can't get it resolved.

Our file server is running Windows Server 2003.  I have a group of seven users who wanted to have their own network share that only they could access.  All seven users would have full control over all files and folders.

So I set up a network share for them, and they moved their folders into it.  Now all hell has broken loose, as some files/folders are inaccessible to some users (I realize now that the objects probably should have been COPIED and not MOVED, but it's too late now).

I tried to add all seven users individually to the parent directory's security tab, but the permissions did not seem to propagate down to the child folders.  So I then created a security group in AD, added all the users to the group (as well as myself), and changed ownership of the top-level directory.  And still... the users are complaining to me that they still can't see each other's files.

How do I set this up?  Again, it's a simple thing in theory:  All seven users should have full control over all the objects in the share.  How hard can this be?
0
Comment
Question by:chernavsky
  • 3
  • 2
6 Comments
 
LVL 14

Accepted Solution

by:
Raj-GT earned 350 total points
ID: 39278728
Go to Security > Advanced at the root of the shared folder and select the option to "Replace all child object permissions with inheritable permissions from this object" this operation will take a few minutes depending on the number of files but it should replace the permissions with the permissions from the root of the folder.

Also make sure you have the correct share level permissions set to the group.
0
 

Author Comment

by:chernavsky
ID: 39278776
Raj, thanks for the tip.  I think I did that already, but I will try it again.  Can you explain a little bit what you meant by, "Also make sure you have the correct share level permissions set to the group."?

Thanks again.
0
 
LVL 14

Assisted Solution

by:Raj-GT
Raj-GT earned 350 total points
ID: 39279484
When you create a network share, you are required to set sharing permissions on the folder. The default is usually full permission to everyone, just check to see if you have applied a more restrictive one here.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 9

Expert Comment

by:VirastaR
ID: 39281093
Hi,

Check this

How permissions are handled when you copy and move files and folders
http://support.microsoft.com/kb/310316

For Reference:
http://www.tomshardware.com/reviews/server-part-2,846-19.html

Hope that helps :)
0
 

Assisted Solution

by:chernavsky
chernavsky earned 0 total points
ID: 39284047
OK, here was the problem.  Unbeknownst to me, one of the users had somehow managed to make a local copy (on her C: drive) of the whole network share.  When she was looking at her local copy, she thought she was looking at the network share.  She was the one who kept complaining to me that none of the changes that she made were visible to any of her co-workers, and her co-workers' changes were not visible to her.

In the meantime, I had been pulling out my hair, trying to figure out what was wrong with the permissions on the share.
0
 

Author Closing Comment

by:chernavsky
ID: 39295972
I gave half the points to Raj-GT, because he basically gave the correct answer, although his solution didn't really solve the root of the problem.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question