Can't access some folders and files within network share folder

Hello all,

I ran into a problem today.  Our server has a file share that has completely taken a dump.  One of our admins accidentally removed the "everyone" group from the C:\data\shared directory.  I have been working on it for hours now.  

My problem is that several database files reside on the share as do all the user folders.  I can access most of the folders and files but many of them are asking me to take ownership.  I'm worried specifically about the database files as I don't know if having the administrator take ownership will affect them, but also many user files are now inaccessible to me or anyone.  I think what happened was that ownership of the files and folders was erased when the everyone group was deleted.

Are there are any tools out there that will help repair this colossal screw-up?  Or does anyone have any ideas on how to best rebuild the shares and re-grant access?

Thanks
SapeurAsked:
Who is Participating?
 
David Johnson, CD, MVPConnect With a Mentor OwnerCommented:
yes a backup will restore permissions. That admin should have their knuckles rapped.
0
 
SapeurAuthor Commented:
P.S. Or would the easiest thing to do be restore the backups from last night?  would that replace the original permissions?  I am using windows native backup from the tools menu on server 2012
0
 
tsaicoConnect With a Mentor Commented:
the back up should restore the rights, but the everyone group generally shouldn't be used in a domain.  Authenticated users is a better group if you just want blanket read/write for anyone who has a domain account.  

As for taking ownership, you can safely do so, then after have owner ship go back and reset the parent folder rights to what you need to and be sure you "reapply to all child" flag is ticked.  It sounds to me, the Everyone had the rights for Full Control.  Now that group is gone, you no longer have rights to change the rights, so it wants you to take ownership.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
SapeurAuthor Commented:
Thank you both.  You were very helpful. The back up restored the ACL on the directory from the previous day's backup.  There were several folders and files created that day that I needed to take ownership of in order to get the user access to them.

P.S.  The Jr. Admin that thought he was deleting an un-needed "employee" group but clicked "everyone" instead, now has only read access to the entire directory, I created a group called "idiots and morons" and ticked deny on everything but read.  I'll leave him in it for a few days as punishment LOL!
0
 
tsaicoCommented:
Poor guy...

Though, as a side note, many schools and security boot camps taught not to use the everyone group.  While the everyone group lost the anonymous and guest logins, it still has the non-user system accounts in it and shouldn't be used unless for a specific reasons to keep your risk exposure as small as possible.

This guy explains better then me...

http://blog.varonis.com/the-difference-between-everyone-and-authenticated-users/
0
 
SapeurAuthor Commented:
Great article thanks!
0
All Courses

From novice to tech pro — start learning today.