[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 319
  • Last Modified:

File Sharing and Security Setting

Some changes were made in the sharing and security of our network folders and I am unable to restore them to allow the sharing and security settings that were originally in place.

A drive was set up on a Windows 2008 server to allow various types of sharing. We want to allow a user to access their folder, add/delete/modify files and folders within their folder but no one else’s.

Drive H:\USERS\MSMITH

H:\Sharing is set to full for everyone

Users\ (Security) is set to ‘inherit’, -Read – Write (when I remove ‘write’, no one can save to their own folder but when write is added, any user can access all folders)

MSMITH\ (Security) is set to modify for msmith only.

What is the proper way to set this up? Is there a roll-back for these settings in 2008 server? THANKS
0
bizzie247
Asked:
bizzie247
  • 2
  • 2
2 Solutions
 
SandeepWalveCommented:
Share Permissions should be Full for everyone
NTFS Permissions Administrators Full
Domain Admins Full
Authenticated Users Read Only (This Folder Only)

And for Individual Folders permissions should be Full so they can do the modifications for their own data only

http://blogs.technet.com/b/migreene/archive/2008/03/24/3019467.aspx
0
 
kadafitcdCommented:
This is all assuming you have Administrative or Domain Administrative privs to the User and Users folders.  If you don't then you need to make sure that you give yourself the privs and checkmark replace all child entries.  That way you don't lock yourself out.

Go into Advanced Security and Change this to have (Everyone - no control) with the checkmark on replace all child entries :

Users\ (Security) is set to ‘inherit’, -Read – Write (when I remove ‘write’, no one can save to their own folder but when write is added, any user can access all folders)

Apply it and OK it out.

Go back into Advanced Security and change it to (Everyone - Read) and uncheckmark replace all child entries and Apply it and OK it out.

Then make sure everyone has read/write privs to their own folders one by one.  

This will make sure that no one can add or remove folders from the Users Folder.  You would be surprised how many user folders will get deleted or files get moved into the Users folder by accident.
0
 
bizzie247Author Commented:
I understood this to be the same solution, just written differently. Additionally, I had to effectively start over, using your solution. I had to re-add 'modify' to each user folder. THANKS!!
0
 
kadafitcdCommented:
Just remember adding modify to Read/write on the folders gives them the ability to delete their own shared folder.  I would suggest leaving it at read/write or you may have users who accidentally delete the folders.  Sometimes being over cautious protects us from the users who really have no business using a computer... ;)
0
 
bizzie247Author Commented:
Thanks, will do...
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now