Solved

Server 2008 folder permissions

Posted on 2014-01-03
5
569 Views
Last Modified: 2014-01-10
I just set permissions for each user on the server. Last director did not require that each folder have set permissions so all folders were shared with everyone. New director has requested that each folder has permissions set for just that user.
Example:
UserA can only see FolderA
UserB can only see FolderB
UserC can only see FolderC
etc....
Once I did the sharing each user can now only see his/her own folder and can not see anyone else's. All is OK on each individual workstation except the one central workstation. There is one workstation that everyone shares up front. When they are on desk duty they login as themselves. When UserA logins in upfront she only sees FolderA and the same with UserB. When UserC logins in she can see and access everyone's folder.  When UserC goes back to her desk and logins in she only sees her folder. When she goes back up front to the central desk and logins she sees all folders.
Server is set up as AD and is Server 2008 standard. Workstations are all Windows 7 Pro.
Why is this and what do I do to fix it??
0
Comment
Question by:LANengineer
5 Comments
 
LVL 36

Expert Comment

by:Mahesh
ID: 39754991
Try below instead of sharing each user folder.
Make root folder call users
Share that folder with authenticated users and administrators as change share permissions
Now in NTFS security permissions, add authenticated users, give them list folder contents and click Apply. Also check if administrators having full control, if not add it and grant full control.
Now go to advanced permissions and edit permissions for authenticated users and select "This folder only" and click apply and close all windows.
Now move all your users folder into "Users" root folder and just grant each user modify ntfs permissions on his respective folder, remove everyone and other users permissions from acl except administrators. Add administrators if not there.
Once you do that, go to Shares and storage management console and enable access based enumeration. Check below links
http://blogs.technet.com/b/aralves/archive/2007/09/20/windows-server-2008-access-based-enumeration.aspx
http://havardkristiansen.com/?p=152
Now user should be able to see only his folder to which he has access only from every where
You need to deploy map drives with new path for users
I suggest you to test this scenario 1st prior to deploy in production
It will work but we don't want to increase support calls unnecessarily

Mahesh
0
 
LVL 12

Accepted Solution

by:
ktaczala earned 500 total points
ID: 39755086
It's possible that userC profile has manually mapped other folders with save password(probably domain administrative account) and reconnect on login enabled.
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39755734
One another option is you could setup home directories for all users
You can use below article to setup home directories for all users
http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx
The above article will help you to create home directory for all users from active directory in one shot.
You can create root shared folder with permissions as indicated in above article
Then You can select all users at a time in a given OU, or through saved query and right click and go to properties, under properties, on profile tab you could just setup \\servername\rootshare\%username%
This variable will create home folder for all users underneath root shared folder with appropriate permissions and also get mapped automatically for them during logon.
Once you done with that, you need to just move users existing data folder to newly created Home Directory for respective users
Then you may enable access based enumeration as my earlier Comment or you can follow below article so that user  can be able to view only his folder to which he has access.
http://blog.luxem.org/2010/07/how-to-setup-home-directories-on.html

Mahesh
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39755775
You need to check the GPO it could be due to script or map drive configured. You also need to check the desktop where users can see other folder it could be due to manual map drive, script, schedule task configure locally,etc.
0
 

Author Closing Comment

by:LANengineer
ID: 39771913
This did the trick. All I did was disconnect the mapped drive, mapped it with that users credentials, and now all she can see is her folder. Thanks so much for your help!
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
While working, an annoying popup showing below will come and we cannot cancel or close it form the screen. The error message will come again and again.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question