Solved

Windows 2008 File Permissions

Posted on 2014-04-08
3
147 Views
Last Modified: 2014-07-23
I know this is simple, but forgive me, I haven't had to work on folder permissions in years. This is what I'm trying to do.

In a school setting, I'm trying to set up a folder for each student that mounts when they log in.

I have a shared folder called Student Folders.

Underneath that, are folders for the graduating year, 2014, 2015, 2016, etc.

Inside those folders are the individual student folders. For example, inside the 2014 folder, I have folders named bjones, lsmith, etc. which correspond with their usernames.

The way I have it set up now, is that each student id belongs to a group called STUDENT. The STUDENT group has access from the top to the bottom. i.e. Student Folders --> 2014 --> bjones.

This works just fine. All of the clients are Macs, so when the student logs in, his network folder mounts on his dock.

The problem is, ALL students can get into all other students' folders. I only want a student to see his own folder. So when bjones logs in, he gets to Student Folders --> 2014 --> bjones .

Other info ...

bjones' profile in AD has the radio button selected for "connect to" set to :

\\servername\Student Folders\2014\bjones .

And again, Student Folders is set up as a shared folder.

How do I set this up so that each student sees only his own stuff?

Thanks,

Glen
0
Comment
Question by:glenj1978
  • 2
3 Comments
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
Comment Utility
So basically you have setup home directories in active directory for each users

Now you can try below

On students folder ensure that share permissions are set to change for authenticated users \

Then go to NTFS security of students folder and grant permissions to authenticated users as "List folder Contents", remove other permissions from here if you already have
Now ensure that on each year wise folder authenticated user have only "list folder contents" permissions and in advanced permissions ensure that permissions scope is limited to "This folder only"
Now further drill down to each user home drive and ensure that only respective user has got full control permissions on his home drive
If you found authenticated users full control permissions here, then probably users can access others home directories
In that case you need to remove authenticated users from every home directory folder

You may try this 1st on test users and by creating test folders and if got successful, replicate it on production home drives

Mahesh.
0
 

Author Comment

by:glenj1978
Comment Utility
These folders are all inheriting permissions. Should they not be doing that? And should I remove the STUDENTS group in the permissions?
0
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
Inherited permissions to whom on which folder?

Students group has got what permissions on which folder ?
According to me, The problem here is students group has got inherited permissions on all home directories causing any user can access all home directories

Your home drive permissions should be like below so that every user can get access to his home directory only.
http://support.microsoft.com/kb/555046

Mahesh.
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

I have been working as System Administrators since 2003. I recently started working as a FreeLancer and was amazed to find out that very few people are taking full advantage of their Windows Server Machines. Microsoft Windows Server comes with so…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now