Solved

Can't access some folders and files within network share folder

Posted on 2014-01-29
6
568 Views
Last Modified: 2014-01-31
Hello all,

I ran into a problem today.  Our server has a file share that has completely taken a dump.  One of our admins accidentally removed the "everyone" group from the C:\data\shared directory.  I have been working on it for hours now.  

My problem is that several database files reside on the share as do all the user folders.  I can access most of the folders and files but many of them are asking me to take ownership.  I'm worried specifically about the database files as I don't know if having the administrator take ownership will affect them, but also many user files are now inaccessible to me or anyone.  I think what happened was that ownership of the files and folders was erased when the everyone group was deleted.

Are there are any tools out there that will help repair this colossal screw-up?  Or does anyone have any ideas on how to best rebuild the shares and re-grant access?

Thanks
0
Comment
Question by:Sapeur
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 

Author Comment

by:Sapeur
ID: 39819068
P.S. Or would the easiest thing to do be restore the backups from last night?  would that replace the original permissions?  I am using windows native backup from the tools menu on server 2012
0
 
LVL 81

Accepted Solution

by:
David Johnson, CD, MVP earned 250 total points
ID: 39819191
yes a backup will restore permissions. That admin should have their knuckles rapped.
0
 
LVL 9

Assisted Solution

by:tsaico
tsaico earned 250 total points
ID: 39819260
the back up should restore the rights, but the everyone group generally shouldn't be used in a domain.  Authenticated users is a better group if you just want blanket read/write for anyone who has a domain account.  

As for taking ownership, you can safely do so, then after have owner ship go back and reset the parent folder rights to what you need to and be sure you "reapply to all child" flag is ticked.  It sounds to me, the Everyone had the rights for Full Control.  Now that group is gone, you no longer have rights to change the rights, so it wants you to take ownership.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 

Author Closing Comment

by:Sapeur
ID: 39824262
Thank you both.  You were very helpful. The back up restored the ACL on the directory from the previous day's backup.  There were several folders and files created that day that I needed to take ownership of in order to get the user access to them.

P.S.  The Jr. Admin that thought he was deleting an un-needed "employee" group but clicked "everyone" instead, now has only read access to the entire directory, I created a group called "idiots and morons" and ticked deny on everything but read.  I'll leave him in it for a few days as punishment LOL!
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39824487
Poor guy...

Though, as a side note, many schools and security boot camps taught not to use the everyone group.  While the everyone group lost the anonymous and guest logins, it still has the non-user system accounts in it and shouldn't be used unless for a specific reasons to keep your risk exposure as small as possible.

This guy explains better then me...

http://blog.varonis.com/the-difference-between-everyone-and-authenticated-users/
0
 

Author Comment

by:Sapeur
ID: 39824773
Great article thanks!
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question