NTFS Permissions

Good afternoon,

Hoping someone can help with this query.

I need to setup the NTFS permissions on a share such that users have rights to create their own folders and modify content in their folder but are unable to access other user's folders. The folders are used to host files scanned from an MFD and the files are added to the folders using the %USERNAME% variable under a service account. The folders are created using a Group Policy Preference (GPP).

I have configured the following permissions

Domain Users -> Create Folder (This folder only)
CREATOR OWNER -> Full Control (Subfolders and files only)
Service Account -> Full Control (Subfolders and files only)

When a file is scanned and added to the user folder although it can be seen by the user it cannot be accessed (as the Service Account is the Creator). What rights do I need to configure to achieve my requirement?


Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
You want the same permissions you would add to a user profile or home directory root folder
Windows Server - Setup Home Folders and Profile Folders

"When a file is scanned and added to the user folder although it can be seen by the user it cannot be accessed (as the Service Account is the Creator). "

You need to allow the CREATOR OWNER->Full control
permission to be inherited.

The user's folder needs to be owned by the user, not the service account; and  Inherit permissons needs to be checked on their folder and files in it;  for the Creator Owner   permissions to apply to their folder.

When you Allocate the Home directory in   Active Directory  users and computers;  or when you set the profile to that path, the user  logs in,   and their profile is created   on the server;
the user's identity should create the folder,  resulting in the user being its owner/creator.
Barnardos_2LSAuthor Commented:
To resolve the issue I had to write a VBS to prepopulate the folder structure and then use Xcalcs to set the appropriate permissions.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Barnardos_2LSAuthor Commented:
Self resolved.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.