LANengineer
asked on
Server 2008 folder permissions
I just set permissions for each user on the server. Last director did not require that each folder have set permissions so all folders were shared with everyone. New director has requested that each folder has permissions set for just that user.
Example:
UserA can only see FolderA
UserB can only see FolderB
UserC can only see FolderC
etc....
Once I did the sharing each user can now only see his/her own folder and can not see anyone else's. All is OK on each individual workstation except the one central workstation. There is one workstation that everyone shares up front. When they are on desk duty they login as themselves. When UserA logins in upfront she only sees FolderA and the same with UserB. When UserC logins in she can see and access everyone's folder. When UserC goes back to her desk and logins in she only sees her folder. When she goes back up front to the central desk and logins she sees all folders.
Server is set up as AD and is Server 2008 standard. Workstations are all Windows 7 Pro.
Why is this and what do I do to fix it??
Example:
UserA can only see FolderA
UserB can only see FolderB
UserC can only see FolderC
etc....
Once I did the sharing each user can now only see his/her own folder and can not see anyone else's. All is OK on each individual workstation except the one central workstation. There is one workstation that everyone shares up front. When they are on desk duty they login as themselves. When UserA logins in upfront she only sees FolderA and the same with UserB. When UserC logins in she can see and access everyone's folder. When UserC goes back to her desk and logins in she only sees her folder. When she goes back up front to the central desk and logins she sees all folders.
Server is set up as AD and is Server 2008 standard. Workstations are all Windows 7 Pro.
Why is this and what do I do to fix it??
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
One another option is you could setup home directories for all users
You can use below article to setup home directories for all users
http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx
The above article will help you to create home directory for all users from active directory in one shot.
You can create root shared folder with permissions as indicated in above article
Then You can select all users at a time in a given OU, or through saved query and right click and go to properties, under properties, on profile tab you could just setup \\servername\rootshare\%us
This variable will create home folder for all users underneath root shared folder with appropriate permissions and also get mapped automatically for them during logon.
Once you done with that, you need to just move users existing data folder to newly created Home Directory for respective users
Then you may enable access based enumeration as my earlier Comment or you can follow below article so that user can be able to view only his folder to which he has access.
http://blog.luxem.org/2010/07/how-to-setup-home-directories-on.html
Mahesh
You can use below article to setup home directories for all users
http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx
The above article will help you to create home directory for all users from active directory in one shot.
You can create root shared folder with permissions as indicated in above article
Then You can select all users at a time in a given OU, or through saved query and right click and go to properties, under properties, on profile tab you could just setup \\servername\rootshare\%us
This variable will create home folder for all users underneath root shared folder with appropriate permissions and also get mapped automatically for them during logon.
Once you done with that, you need to just move users existing data folder to newly created Home Directory for respective users
Then you may enable access based enumeration as my earlier Comment or you can follow below article so that user can be able to view only his folder to which he has access.
http://blog.luxem.org/2010/07/how-to-setup-home-directories-on.html
Mahesh
You need to check the GPO it could be due to script or map drive configured. You also need to check the desktop where users can see other folder it could be due to manual map drive, script, schedule task configure locally,etc.
ASKER
This did the trick. All I did was disconnect the mapped drive, mapped it with that users credentials, and now all she can see is her folder. Thanks so much for your help!
Windows Server 2008
Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.
86K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
Make root folder call users
Share that folder with authenticated users and administrators as change share permissions
Now in NTFS security permissions, add authenticated users, give them list folder contents and click Apply. Also check if administrators having full control, if not add it and grant full control.
Now go to advanced permissions and edit permissions for authenticated users and select "This folder only" and click apply and close all windows.
Now move all your users folder into "Users" root folder and just grant each user modify ntfs permissions on his respective folder, remove everyone and other users permissions from acl except administrators. Add administrators if not there.
Once you do that, go to Shares and storage management console and enable access based enumeration. Check below links
http://blogs.technet.com/b/aralves/archive/2007/09/20/windows-server-2008-access-based-enumeration.aspx
http://havardkristiansen.com/?p=152
Now user should be able to see only his folder to which he has access only from every where
You need to deploy map drives with new path for users
I suggest you to test this scenario 1st prior to deploy in production
It will work but we don't want to increase support calls unnecessarily
Mahesh