Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Windows 2008 File Permissions

Posted on 2014-04-08
3
Medium Priority
?
157 Views
Last Modified: 2014-07-23
I know this is simple, but forgive me, I haven't had to work on folder permissions in years. This is what I'm trying to do.

In a school setting, I'm trying to set up a folder for each student that mounts when they log in.

I have a shared folder called Student Folders.

Underneath that, are folders for the graduating year, 2014, 2015, 2016, etc.

Inside those folders are the individual student folders. For example, inside the 2014 folder, I have folders named bjones, lsmith, etc. which correspond with their usernames.

The way I have it set up now, is that each student id belongs to a group called STUDENT. The STUDENT group has access from the top to the bottom. i.e. Student Folders --> 2014 --> bjones.

This works just fine. All of the clients are Macs, so when the student logs in, his network folder mounts on his dock.

The problem is, ALL students can get into all other students' folders. I only want a student to see his own folder. So when bjones logs in, he gets to Student Folders --> 2014 --> bjones .

Other info ...

bjones' profile in AD has the radio button selected for "connect to" set to :

\\servername\Student Folders\2014\bjones .

And again, Student Folders is set up as a shared folder.

How do I set this up so that each student sees only his own stuff?

Thanks,

Glen
0
Comment
Question by:glenj1978
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 37

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39986000
So basically you have setup home directories in active directory for each users

Now you can try below

On students folder ensure that share permissions are set to change for authenticated users \

Then go to NTFS security of students folder and grant permissions to authenticated users as "List folder Contents", remove other permissions from here if you already have
Now ensure that on each year wise folder authenticated user have only "list folder contents" permissions and in advanced permissions ensure that permissions scope is limited to "This folder only"
Now further drill down to each user home drive and ensure that only respective user has got full control permissions on his home drive
If you found authenticated users full control permissions here, then probably users can access others home directories
In that case you need to remove authenticated users from every home directory folder

You may try this 1st on test users and by creating test folders and if got successful, replicate it on production home drives

Mahesh.
0
 

Author Comment

by:glenj1978
ID: 39986101
These folders are all inheriting permissions. Should they not be doing that? And should I remove the STUDENTS group in the permissions?
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39986153
Inherited permissions to whom on which folder?

Students group has got what permissions on which folder ?
According to me, The problem here is students group has got inherited permissions on all home directories causing any user can access all home directories

Your home drive permissions should be like below so that every user can get access to his home directory only.
http://support.microsoft.com/kb/555046

Mahesh.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question