• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 578
  • Last Modified:

Can't access some folders and files within network share folder

Hello all,

I ran into a problem today.  Our server has a file share that has completely taken a dump.  One of our admins accidentally removed the "everyone" group from the C:\data\shared directory.  I have been working on it for hours now.  

My problem is that several database files reside on the share as do all the user folders.  I can access most of the folders and files but many of them are asking me to take ownership.  I'm worried specifically about the database files as I don't know if having the administrator take ownership will affect them, but also many user files are now inaccessible to me or anyone.  I think what happened was that ownership of the files and folders was erased when the everyone group was deleted.

Are there are any tools out there that will help repair this colossal screw-up?  Or does anyone have any ideas on how to best rebuild the shares and re-grant access?

Thanks
0
Sapeur
Asked:
Sapeur
  • 3
  • 2
2 Solutions
 
SapeurAuthor Commented:
P.S. Or would the easiest thing to do be restore the backups from last night?  would that replace the original permissions?  I am using windows native backup from the tools menu on server 2012
0
 
David Johnson, CD, MVPOwnerCommented:
yes a backup will restore permissions. That admin should have their knuckles rapped.
0
 
tsaicoCommented:
the back up should restore the rights, but the everyone group generally shouldn't be used in a domain.  Authenticated users is a better group if you just want blanket read/write for anyone who has a domain account.  

As for taking ownership, you can safely do so, then after have owner ship go back and reset the parent folder rights to what you need to and be sure you "reapply to all child" flag is ticked.  It sounds to me, the Everyone had the rights for Full Control.  Now that group is gone, you no longer have rights to change the rights, so it wants you to take ownership.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
SapeurAuthor Commented:
Thank you both.  You were very helpful. The back up restored the ACL on the directory from the previous day's backup.  There were several folders and files created that day that I needed to take ownership of in order to get the user access to them.

P.S.  The Jr. Admin that thought he was deleting an un-needed "employee" group but clicked "everyone" instead, now has only read access to the entire directory, I created a group called "idiots and morons" and ticked deny on everything but read.  I'll leave him in it for a few days as punishment LOL!
0
 
tsaicoCommented:
Poor guy...

Though, as a side note, many schools and security boot camps taught not to use the everyone group.  While the everyone group lost the anonymous and guest logins, it still has the non-user system accounts in it and shouldn't be used unless for a specific reasons to keep your risk exposure as small as possible.

This guy explains better then me...

http://blog.varonis.com/the-difference-between-everyone-and-authenticated-users/
0
 
SapeurAuthor Commented:
Great article thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now