Solved

Server 2008 folder permissions

Posted on 2014-01-03
5
557 Views
Last Modified: 2014-01-10
I just set permissions for each user on the server. Last director did not require that each folder have set permissions so all folders were shared with everyone. New director has requested that each folder has permissions set for just that user.
Example:
UserA can only see FolderA
UserB can only see FolderB
UserC can only see FolderC
etc....
Once I did the sharing each user can now only see his/her own folder and can not see anyone else's. All is OK on each individual workstation except the one central workstation. There is one workstation that everyone shares up front. When they are on desk duty they login as themselves. When UserA logins in upfront she only sees FolderA and the same with UserB. When UserC logins in she can see and access everyone's folder.  When UserC goes back to her desk and logins in she only sees her folder. When she goes back up front to the central desk and logins she sees all folders.
Server is set up as AD and is Server 2008 standard. Workstations are all Windows 7 Pro.
Why is this and what do I do to fix it??
0
Comment
Question by:LANengineer
5 Comments
 
LVL 35

Expert Comment

by:Mahesh
ID: 39754991
Try below instead of sharing each user folder.
Make root folder call users
Share that folder with authenticated users and administrators as change share permissions
Now in NTFS security permissions, add authenticated users, give them list folder contents and click Apply. Also check if administrators having full control, if not add it and grant full control.
Now go to advanced permissions and edit permissions for authenticated users and select "This folder only" and click apply and close all windows.
Now move all your users folder into "Users" root folder and just grant each user modify ntfs permissions on his respective folder, remove everyone and other users permissions from acl except administrators. Add administrators if not there.
Once you do that, go to Shares and storage management console and enable access based enumeration. Check below links
http://blogs.technet.com/b/aralves/archive/2007/09/20/windows-server-2008-access-based-enumeration.aspx
http://havardkristiansen.com/?p=152
Now user should be able to see only his folder to which he has access only from every where
You need to deploy map drives with new path for users
I suggest you to test this scenario 1st prior to deploy in production
It will work but we don't want to increase support calls unnecessarily

Mahesh
0
 
LVL 12

Accepted Solution

by:
ktaczala earned 500 total points
ID: 39755086
It's possible that userC profile has manually mapped other folders with save password(probably domain administrative account) and reconnect on login enabled.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39755734
One another option is you could setup home directories for all users
You can use below article to setup home directories for all users
http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx
The above article will help you to create home directory for all users from active directory in one shot.
You can create root shared folder with permissions as indicated in above article
Then You can select all users at a time in a given OU, or through saved query and right click and go to properties, under properties, on profile tab you could just setup \\servername\rootshare\%username%
This variable will create home folder for all users underneath root shared folder with appropriate permissions and also get mapped automatically for them during logon.
Once you done with that, you need to just move users existing data folder to newly created Home Directory for respective users
Then you may enable access based enumeration as my earlier Comment or you can follow below article so that user  can be able to view only his folder to which he has access.
http://blog.luxem.org/2010/07/how-to-setup-home-directories-on.html

Mahesh
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39755775
You need to check the GPO it could be due to script or map drive configured. You also need to check the desktop where users can see other folder it could be due to manual map drive, script, schedule task configure locally,etc.
0
 

Author Closing Comment

by:LANengineer
ID: 39771913
This did the trick. All I did was disconnect the mapped drive, mapped it with that users credentials, and now all she can see is her folder. Thanks so much for your help!
0

Join & Write a Comment

OfficeMate Freezes on login or does not load after login credentials are input.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now