Solved

Can't access some folders and files within network share folder

Posted on 2014-01-29
6
559 Views
Last Modified: 2014-01-31
Hello all,

I ran into a problem today.  Our server has a file share that has completely taken a dump.  One of our admins accidentally removed the "everyone" group from the C:\data\shared directory.  I have been working on it for hours now.  

My problem is that several database files reside on the share as do all the user folders.  I can access most of the folders and files but many of them are asking me to take ownership.  I'm worried specifically about the database files as I don't know if having the administrator take ownership will affect them, but also many user files are now inaccessible to me or anyone.  I think what happened was that ownership of the files and folders was erased when the everyone group was deleted.

Are there are any tools out there that will help repair this colossal screw-up?  Or does anyone have any ideas on how to best rebuild the shares and re-grant access?

Thanks
0
Comment
Question by:Sapeur
  • 3
  • 2
6 Comments
 

Author Comment

by:Sapeur
ID: 39819068
P.S. Or would the easiest thing to do be restore the backups from last night?  would that replace the original permissions?  I am using windows native backup from the tools menu on server 2012
0
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 250 total points
ID: 39819191
yes a backup will restore permissions. That admin should have their knuckles rapped.
0
 
LVL 9

Assisted Solution

by:tsaico
tsaico earned 250 total points
ID: 39819260
the back up should restore the rights, but the everyone group generally shouldn't be used in a domain.  Authenticated users is a better group if you just want blanket read/write for anyone who has a domain account.  

As for taking ownership, you can safely do so, then after have owner ship go back and reset the parent folder rights to what you need to and be sure you "reapply to all child" flag is ticked.  It sounds to me, the Everyone had the rights for Full Control.  Now that group is gone, you no longer have rights to change the rights, so it wants you to take ownership.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Closing Comment

by:Sapeur
ID: 39824262
Thank you both.  You were very helpful. The back up restored the ACL on the directory from the previous day's backup.  There were several folders and files created that day that I needed to take ownership of in order to get the user access to them.

P.S.  The Jr. Admin that thought he was deleting an un-needed "employee" group but clicked "everyone" instead, now has only read access to the entire directory, I created a group called "idiots and morons" and ticked deny on everything but read.  I'll leave him in it for a few days as punishment LOL!
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39824487
Poor guy...

Though, as a side note, many schools and security boot camps taught not to use the everyone group.  While the everyone group lost the anonymous and guest logins, it still has the non-user system accounts in it and shouldn't be used unless for a specific reasons to keep your risk exposure as small as possible.

This guy explains better then me...

http://blog.varonis.com/the-difference-between-everyone-and-authenticated-users/
0
 

Author Comment

by:Sapeur
ID: 39824773
Great article thanks!
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now