Avatar of LANengineer
LANengineer asked on

Server 2008 folder permissions

I just set permissions for each user on the server. Last director did not require that each folder have set permissions so all folders were shared with everyone. New director has requested that each folder has permissions set for just that user.
Example:
UserA can only see FolderA
UserB can only see FolderB
UserC can only see FolderC
etc....
Once I did the sharing each user can now only see his/her own folder and can not see anyone else's. All is OK on each individual workstation except the one central workstation. There is one workstation that everyone shares up front. When they are on desk duty they login as themselves. When UserA logins in upfront she only sees FolderA and the same with UserB. When UserC logins in she can see and access everyone's folder.  When UserC goes back to her desk and logins in she only sees her folder. When she goes back up front to the central desk and logins she sees all folders.
Server is set up as AD and is Server 2008 standard. Workstations are all Windows 7 Pro.
Why is this and what do I do to fix it??
Windows Server 2008Windows 7Active Directory

Avatar of undefined
Last Comment
LANengineer

8/22/2022 - Mon
Mahesh

Try below instead of sharing each user folder.
Make root folder call users
Share that folder with authenticated users and administrators as change share permissions
Now in NTFS security permissions, add authenticated users, give them list folder contents and click Apply. Also check if administrators having full control, if not add it and grant full control.
Now go to advanced permissions and edit permissions for authenticated users and select "This folder only" and click apply and close all windows.
Now move all your users folder into "Users" root folder and just grant each user modify ntfs permissions on his respective folder, remove everyone and other users permissions from acl except administrators. Add administrators if not there.
Once you do that, go to Shares and storage management console and enable access based enumeration. Check below links
http://blogs.technet.com/b/aralves/archive/2007/09/20/windows-server-2008-access-based-enumeration.aspx
http://havardkristiansen.com/?p=152
Now user should be able to see only his folder to which he has access only from every where
You need to deploy map drives with new path for users
I suggest you to test this scenario 1st prior to deploy in production
It will work but we don't want to increase support calls unnecessarily

Mahesh
ASKER CERTIFIED SOLUTION
ktaczala

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Mahesh

One another option is you could setup home directories for all users
You can use below article to setup home directories for all users
http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx
The above article will help you to create home directory for all users from active directory in one shot.
You can create root shared folder with permissions as indicated in above article
Then You can select all users at a time in a given OU, or through saved query and right click and go to properties, under properties, on profile tab you could just setup \\servername\rootshare\%username%
This variable will create home folder for all users underneath root shared folder with appropriate permissions and also get mapped automatically for them during logon.
Once you done with that, you need to just move users existing data folder to newly created Home Directory for respective users
Then you may enable access based enumeration as my earlier Comment or you can follow below article so that user  can be able to view only his folder to which he has access.
http://blog.luxem.org/2010/07/how-to-setup-home-directories-on.html

Mahesh
Sandesh Dubey

You need to check the GPO it could be due to script or map drive configured. You also need to check the desktop where users can see other folder it could be due to manual map drive, script, schedule task configure locally,etc.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
ASKER
LANengineer

This did the trick. All I did was disconnect the mapped drive, mapped it with that users credentials, and now all she can see is her folder. Thanks so much for your help!