Solved

Windows 2008 File Permissions

Posted on 2014-04-08
3
151 Views
Last Modified: 2014-07-23
I know this is simple, but forgive me, I haven't had to work on folder permissions in years. This is what I'm trying to do.

In a school setting, I'm trying to set up a folder for each student that mounts when they log in.

I have a shared folder called Student Folders.

Underneath that, are folders for the graduating year, 2014, 2015, 2016, etc.

Inside those folders are the individual student folders. For example, inside the 2014 folder, I have folders named bjones, lsmith, etc. which correspond with their usernames.

The way I have it set up now, is that each student id belongs to a group called STUDENT. The STUDENT group has access from the top to the bottom. i.e. Student Folders --> 2014 --> bjones.

This works just fine. All of the clients are Macs, so when the student logs in, his network folder mounts on his dock.

The problem is, ALL students can get into all other students' folders. I only want a student to see his own folder. So when bjones logs in, he gets to Student Folders --> 2014 --> bjones .

Other info ...

bjones' profile in AD has the radio button selected for "connect to" set to :

\\servername\Student Folders\2014\bjones .

And again, Student Folders is set up as a shared folder.

How do I set this up so that each student sees only his own stuff?

Thanks,

Glen
0
Comment
Question by:glenj1978
  • 2
3 Comments
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39986000
So basically you have setup home directories in active directory for each users

Now you can try below

On students folder ensure that share permissions are set to change for authenticated users \

Then go to NTFS security of students folder and grant permissions to authenticated users as "List folder Contents", remove other permissions from here if you already have
Now ensure that on each year wise folder authenticated user have only "list folder contents" permissions and in advanced permissions ensure that permissions scope is limited to "This folder only"
Now further drill down to each user home drive and ensure that only respective user has got full control permissions on his home drive
If you found authenticated users full control permissions here, then probably users can access others home directories
In that case you need to remove authenticated users from every home directory folder

You may try this 1st on test users and by creating test folders and if got successful, replicate it on production home drives

Mahesh.
0
 

Author Comment

by:glenj1978
ID: 39986101
These folders are all inheriting permissions. Should they not be doing that? And should I remove the STUDENTS group in the permissions?
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39986153
Inherited permissions to whom on which folder?

Students group has got what permissions on which folder ?
According to me, The problem here is students group has got inherited permissions on all home directories causing any user can access all home directories

Your home drive permissions should be like below so that every user can get access to his home directory only.
http://support.microsoft.com/kb/555046

Mahesh.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question