Solved

User Home folder security is whacked. How do I regen appropriate security

Posted on 2014-10-21
7
120 Views
Last Modified: 2014-11-03
I just moved a users home folder into a new share on a new server.  Because of the massive load of files it would have transferred from the old server to the new server, I moved them all to a temporary folder before changing his group GPO for home folders. Logged him out. Logged him in. Folder was created. Copied his "my documents" folder(s) into his new home folder area.  A few files/folders had security issues so, yep, I fiddled.  
How do I set his security on home folders back to what they would be if users folders were just recreated?
0
Comment
Question by:davebird
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 10

Expert Comment

by:Tim Edwards
ID: 40395118
Were  you able to copy all the files and folders over into his new Home folder?

If so once they are there go to the top level of his home folder, right click and to security. click on advanced.

Check off "replace permissions on all child objects with entries shown here that apply to child objects" and click apply.

This will populate the top level permission all the way down the files and folders.

Here a link about NTFS permissions and what they effect:

http://www.ntfs.com/ntfs-permissions-file-advanced.htm
0
 

Author Comment

by:davebird
ID: 40395480
It didn't change permissions on any of the folders I copied into his home "my documents" area.  User has access to \\share\homefolder$\<user>, but anything migrated/copied, ie,  desktop and my documents files, no access.  Security shows "special" permissions, but no access.
If I create a new folder in My documents, user has access and create/delete controls.  
Did I miss something on how to get the security on the folders and files I copied INTO his home folder to regen? I tried from the <user> folder and regenerated AND to the My documents folder and regenerated. No love.
0
 
LVL 10

Expert Comment

by:Tim Edwards
ID: 40395498
Can you verify the permissions on the users folder, then compare them to the desktop, my documents etc..

As well on the my documents go to advanced and verify the it is inheriting from the top level is checked
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 1

Expert Comment

by:ViruScan
ID: 40396128
you need to either become the owner of root folder <user>X and all sub directories (\\share\homefolder$\<user>) (Right click on root folder - properties - Security - advanced - Owner - edit - you select your name or admin name (if you're an admin). and apply.

Once set, then you just add him to the permissions with either FULL or MOD permissions.
0
 

Accepted Solution

by:
davebird earned 0 total points
ID: 40400088
Thank you for your responses.  Here's what I have learned by trial/error.

Steps I took.
-      I took ownership control of the user’s home folder on the old server, and put him back on as full rights so he could still work. This was necessary because in the olden days that redirection folders were created, administrator(s) was NOT allowed access to home folders.
o      Once I had access, I moved all of the “my documents“ folders and files OUT of that folder leaving just an empty my documents folder.  I had to do this because
      IF I left the files in there, when they moved to the new server, they retained their OLD folder security and Administrator was still not allowed access to the new home folder even though in the new folder redirection security the administrator does have rights. Don’t know why, it just is the way it is.
      He had nearly 15 gigs of files (yes, I’m helping him understand this is a bad thing) and logging in the first time after you move to a new redirected home folder takes about 25-60 minutes with a clean profile.  That would have taken all day.
o      I then put the user in the new GPO and logged the user in.  After the necessary slow login for the first time, everything is working as designed in the new redirection folders.
Anything created new as that user is created normally and with proper access rights. (yea so far).  
o      If I copy the data back into his home folder from the holding area as an administrator, the security is foobar.  Security for that user is NOT recreated and the user does NOT have access to the files and folders.  (this is where I started fiddling and originated this question).  
o      Ergo, I deleted all his folders (again) and this time, I logged in as the user, copied the files from the holding folder into the home folder and security then applied properly.
-      If there is/was another way to do this, I’m eager to learn.  
-      I had two open tickets and talked with three, supposedly, levels of support at Microsoft and they had no answers.  They didn’t recommend moving the folders through the check box on the redirection setup check boxes in GPO nor did they recommend returning the files to the local machine check box, taking users out of GPO and then reassigning to new GPO.  Thus my moving files out before changing their GPO assignment. I don’t know why they said these things but I didn’t argue.  
In the end all is working.  
-      Take ownership.
-      Copy files out to holding area.
-      Give user full control security to holding folder.
-      Move user to new GPO.
-      Update GPO.
-      Login user and wait……..
-      Move/copy files back to redirected folders.
-      Done.

Again, thanks for all your help and suggestions.
0
 
LVL 10

Expert Comment

by:Tim Edwards
ID: 40400100
Glad you were able to figure it out
0
 

Author Closing Comment

by:davebird
ID: 40419021
Not the best solution but it worked.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question