Solved

File Sharing and Security Setting

Posted on 2014-03-18
5
304 Views
Last Modified: 2014-03-19
Some changes were made in the sharing and security of our network folders and I am unable to restore them to allow the sharing and security settings that were originally in place.

A drive was set up on a Windows 2008 server to allow various types of sharing. We want to allow a user to access their folder, add/delete/modify files and folders within their folder but no one else’s.

Drive H:\USERS\MSMITH

H:\Sharing is set to full for everyone

Users\ (Security) is set to ‘inherit’, -Read – Write (when I remove ‘write’, no one can save to their own folder but when write is added, any user can access all folders)

MSMITH\ (Security) is set to modify for msmith only.

What is the proper way to set this up? Is there a roll-back for these settings in 2008 server? THANKS
0
Comment
Question by:bizzie247
  • 2
  • 2
5 Comments
 
LVL 3

Assisted Solution

by:SandeepWalve
SandeepWalve earned 250 total points
ID: 39937669
Share Permissions should be Full for everyone
NTFS Permissions Administrators Full
Domain Admins Full
Authenticated Users Read Only (This Folder Only)

And for Individual Folders permissions should be Full so they can do the modifications for their own data only

http://blogs.technet.com/b/migreene/archive/2008/03/24/3019467.aspx
0
 
LVL 12

Accepted Solution

by:
kadafitcd earned 250 total points
ID: 39937748
This is all assuming you have Administrative or Domain Administrative privs to the User and Users folders.  If you don't then you need to make sure that you give yourself the privs and checkmark replace all child entries.  That way you don't lock yourself out.

Go into Advanced Security and Change this to have (Everyone - no control) with the checkmark on replace all child entries :

Users\ (Security) is set to ‘inherit’, -Read – Write (when I remove ‘write’, no one can save to their own folder but when write is added, any user can access all folders)

Apply it and OK it out.

Go back into Advanced Security and change it to (Everyone - Read) and uncheckmark replace all child entries and Apply it and OK it out.

Then make sure everyone has read/write privs to their own folders one by one.  

This will make sure that no one can add or remove folders from the Users Folder.  You would be surprised how many user folders will get deleted or files get moved into the Users folder by accident.
0
 

Author Closing Comment

by:bizzie247
ID: 39939845
I understood this to be the same solution, just written differently. Additionally, I had to effectively start over, using your solution. I had to re-add 'modify' to each user folder. THANKS!!
0
 
LVL 12

Expert Comment

by:kadafitcd
ID: 39940854
Just remember adding modify to Read/write on the folders gives them the ability to delete their own shared folder.  I would suggest leaving it at read/write or you may have users who accidentally delete the folders.  Sometimes being over cautious protects us from the users who really have no business using a computer... ;)
0
 

Author Comment

by:bizzie247
ID: 39941232
Thanks, will do...
0

Featured Post

Swamped with email signature updates?

Have you been given a load of changes to make to your users’ email signatures? Having to manually implement multiple signatures for every department? Let Exclaimer save you from being swamped with email signature updates!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Online collaboration is quickly becoming embedded in the workplace, and its benefits are tangible. See what the current landscape looks like and what the future holds for collaboration tools and the future of work.
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now