Solved

File Sharing and Security Setting

Posted on 2014-03-18
5
311 Views
Last Modified: 2014-03-19
Some changes were made in the sharing and security of our network folders and I am unable to restore them to allow the sharing and security settings that were originally in place.

A drive was set up on a Windows 2008 server to allow various types of sharing. We want to allow a user to access their folder, add/delete/modify files and folders within their folder but no one else’s.

Drive H:\USERS\MSMITH

H:\Sharing is set to full for everyone

Users\ (Security) is set to ‘inherit’, -Read – Write (when I remove ‘write’, no one can save to their own folder but when write is added, any user can access all folders)

MSMITH\ (Security) is set to modify for msmith only.

What is the proper way to set this up? Is there a roll-back for these settings in 2008 server? THANKS
0
Comment
Question by:bizzie247
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 3

Assisted Solution

by:SandeepWalve
SandeepWalve earned 250 total points
ID: 39937669
Share Permissions should be Full for everyone
NTFS Permissions Administrators Full
Domain Admins Full
Authenticated Users Read Only (This Folder Only)

And for Individual Folders permissions should be Full so they can do the modifications for their own data only

http://blogs.technet.com/b/migreene/archive/2008/03/24/3019467.aspx
0
 
LVL 12

Accepted Solution

by:
kadafitcd earned 250 total points
ID: 39937748
This is all assuming you have Administrative or Domain Administrative privs to the User and Users folders.  If you don't then you need to make sure that you give yourself the privs and checkmark replace all child entries.  That way you don't lock yourself out.

Go into Advanced Security and Change this to have (Everyone - no control) with the checkmark on replace all child entries :

Users\ (Security) is set to ‘inherit’, -Read – Write (when I remove ‘write’, no one can save to their own folder but when write is added, any user can access all folders)

Apply it and OK it out.

Go back into Advanced Security and change it to (Everyone - Read) and uncheckmark replace all child entries and Apply it and OK it out.

Then make sure everyone has read/write privs to their own folders one by one.  

This will make sure that no one can add or remove folders from the Users Folder.  You would be surprised how many user folders will get deleted or files get moved into the Users folder by accident.
0
 

Author Closing Comment

by:bizzie247
ID: 39939845
I understood this to be the same solution, just written differently. Additionally, I had to effectively start over, using your solution. I had to re-add 'modify' to each user folder. THANKS!!
0
 
LVL 12

Expert Comment

by:kadafitcd
ID: 39940854
Just remember adding modify to Read/write on the folders gives them the ability to delete their own shared folder.  I would suggest leaving it at read/write or you may have users who accidentally delete the folders.  Sometimes being over cautious protects us from the users who really have no business using a computer... ;)
0
 

Author Comment

by:bizzie247
ID: 39941232
Thanks, will do...
0

Featured Post

Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question