Barnardos_2LS
asked on
NTFS Permissions
Good afternoon,
Hoping someone can help with this query.
I need to setup the NTFS permissions on a share such that users have rights to create their own folders and modify content in their folder but are unable to access other user's folders. The folders are used to host files scanned from an MFD and the files are added to the folders using the %USERNAME% variable under a service account. The folders are created using a Group Policy Preference (GPP).
I have configured the following permissions
Share:
Domain Users -> Create Folder (This folder only)
CREATOR OWNER -> Full Control (Subfolders and files only)
Service Account -> Full Control (Subfolders and files only)
When a file is scanned and added to the user folder although it can be seen by the user it cannot be accessed (as the Service Account is the Creator). What rights do I need to configure to achieve my requirement?
Thanks,
Michael
Hoping someone can help with this query.
I need to setup the NTFS permissions on a share such that users have rights to create their own folders and modify content in their folder but are unable to access other user's folders. The folders are used to host files scanned from an MFD and the files are added to the folders using the %USERNAME% variable under a service account. The folders are created using a Group Policy Preference (GPP).
I have configured the following permissions
Share:
Domain Users -> Create Folder (This folder only)
CREATOR OWNER -> Full Control (Subfolders and files only)
Service Account -> Full Control (Subfolders and files only)
When a file is scanned and added to the user folder although it can be seen by the user it cannot be accessed (as the Service Account is the Creator). What rights do I need to configure to achieve my requirement?
Thanks,
Michael
"When a file is scanned and added to the user folder although it can be seen by the user it cannot be accessed (as the Service Account is the Creator). "
You need to allow the CREATOR OWNER->Full control
permission to be inherited.
The user's folder needs to be owned by the user, not the service account; and Inherit permissons needs to be checked on their folder and files in it; for the Creator Owner permissions to apply to their folder.
When you Allocate the Home directory in Active Directory users and computers; or when you set the profile to that path, the user logs in, and their profile is created on the server;
the user's identity should create the folder, resulting in the user being its owner/creator.
You need to allow the CREATOR OWNER->Full control
permission to be inherited.
The user's folder needs to be owned by the user, not the service account; and Inherit permissons needs to be checked on their folder and files in it; for the Creator Owner permissions to apply to their folder.
When you Allocate the Home directory in Active Directory users and computers; or when you set the profile to that path, the user logs in, and their profile is created on the server;
the user's identity should create the folder, resulting in the user being its owner/creator.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Self resolved.
Windows Server - Setup Home Folders and Profile Folders
PL