Solved

File Sharing and Security Setting

Posted on 2014-03-18
5
306 Views
Last Modified: 2014-03-19
Some changes were made in the sharing and security of our network folders and I am unable to restore them to allow the sharing and security settings that were originally in place.

A drive was set up on a Windows 2008 server to allow various types of sharing. We want to allow a user to access their folder, add/delete/modify files and folders within their folder but no one else’s.

Drive H:\USERS\MSMITH

H:\Sharing is set to full for everyone

Users\ (Security) is set to ‘inherit’, -Read – Write (when I remove ‘write’, no one can save to their own folder but when write is added, any user can access all folders)

MSMITH\ (Security) is set to modify for msmith only.

What is the proper way to set this up? Is there a roll-back for these settings in 2008 server? THANKS
0
Comment
Question by:bizzie247
  • 2
  • 2
5 Comments
 
LVL 3

Assisted Solution

by:SandeepWalve
SandeepWalve earned 250 total points
ID: 39937669
Share Permissions should be Full for everyone
NTFS Permissions Administrators Full
Domain Admins Full
Authenticated Users Read Only (This Folder Only)

And for Individual Folders permissions should be Full so they can do the modifications for their own data only

http://blogs.technet.com/b/migreene/archive/2008/03/24/3019467.aspx
0
 
LVL 12

Accepted Solution

by:
kadafitcd earned 250 total points
ID: 39937748
This is all assuming you have Administrative or Domain Administrative privs to the User and Users folders.  If you don't then you need to make sure that you give yourself the privs and checkmark replace all child entries.  That way you don't lock yourself out.

Go into Advanced Security and Change this to have (Everyone - no control) with the checkmark on replace all child entries :

Users\ (Security) is set to ‘inherit’, -Read – Write (when I remove ‘write’, no one can save to their own folder but when write is added, any user can access all folders)

Apply it and OK it out.

Go back into Advanced Security and change it to (Everyone - Read) and uncheckmark replace all child entries and Apply it and OK it out.

Then make sure everyone has read/write privs to their own folders one by one.  

This will make sure that no one can add or remove folders from the Users Folder.  You would be surprised how many user folders will get deleted or files get moved into the Users folder by accident.
0
 

Author Closing Comment

by:bizzie247
ID: 39939845
I understood this to be the same solution, just written differently. Additionally, I had to effectively start over, using your solution. I had to re-add 'modify' to each user folder. THANKS!!
0
 
LVL 12

Expert Comment

by:kadafitcd
ID: 39940854
Just remember adding modify to Read/write on the folders gives them the ability to delete their own shared folder.  I would suggest leaving it at read/write or you may have users who accidentally delete the folders.  Sometimes being over cautious protects us from the users who really have no business using a computer... ;)
0
 

Author Comment

by:bizzie247
ID: 39941232
Thanks, will do...
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now