Solved

User Home folder security is whacked. How do I regen appropriate security

Posted on 2014-10-21
7
115 Views
Last Modified: 2014-11-03
I just moved a users home folder into a new share on a new server.  Because of the massive load of files it would have transferred from the old server to the new server, I moved them all to a temporary folder before changing his group GPO for home folders. Logged him out. Logged him in. Folder was created. Copied his "my documents" folder(s) into his new home folder area.  A few files/folders had security issues so, yep, I fiddled.  
How do I set his security on home folders back to what they would be if users folders were just recreated?
0
Comment
Question by:davebird
  • 3
  • 3
7 Comments
 
LVL 8

Expert Comment

by:Tim Edwards
ID: 40395118
Were  you able to copy all the files and folders over into his new Home folder?

If so once they are there go to the top level of his home folder, right click and to security. click on advanced.

Check off "replace permissions on all child objects with entries shown here that apply to child objects" and click apply.

This will populate the top level permission all the way down the files and folders.

Here a link about NTFS permissions and what they effect:

http://www.ntfs.com/ntfs-permissions-file-advanced.htm
0
 

Author Comment

by:davebird
ID: 40395480
It didn't change permissions on any of the folders I copied into his home "my documents" area.  User has access to \\share\homefolder$\<user>, but anything migrated/copied, ie,  desktop and my documents files, no access.  Security shows "special" permissions, but no access.
If I create a new folder in My documents, user has access and create/delete controls.  
Did I miss something on how to get the security on the folders and files I copied INTO his home folder to regen? I tried from the <user> folder and regenerated AND to the My documents folder and regenerated. No love.
0
 
LVL 8

Expert Comment

by:Tim Edwards
ID: 40395498
Can you verify the permissions on the users folder, then compare them to the desktop, my documents etc..

As well on the my documents go to advanced and verify the it is inheriting from the top level is checked
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 1

Expert Comment

by:ViruScan
ID: 40396128
you need to either become the owner of root folder <user>X and all sub directories (\\share\homefolder$\<user>) (Right click on root folder - properties - Security - advanced - Owner - edit - you select your name or admin name (if you're an admin). and apply.

Once set, then you just add him to the permissions with either FULL or MOD permissions.
0
 

Accepted Solution

by:
davebird earned 0 total points
ID: 40400088
Thank you for your responses.  Here's what I have learned by trial/error.

Steps I took.
-      I took ownership control of the user’s home folder on the old server, and put him back on as full rights so he could still work. This was necessary because in the olden days that redirection folders were created, administrator(s) was NOT allowed access to home folders.
o      Once I had access, I moved all of the “my documents“ folders and files OUT of that folder leaving just an empty my documents folder.  I had to do this because
      IF I left the files in there, when they moved to the new server, they retained their OLD folder security and Administrator was still not allowed access to the new home folder even though in the new folder redirection security the administrator does have rights. Don’t know why, it just is the way it is.
      He had nearly 15 gigs of files (yes, I’m helping him understand this is a bad thing) and logging in the first time after you move to a new redirected home folder takes about 25-60 minutes with a clean profile.  That would have taken all day.
o      I then put the user in the new GPO and logged the user in.  After the necessary slow login for the first time, everything is working as designed in the new redirection folders.
Anything created new as that user is created normally and with proper access rights. (yea so far).  
o      If I copy the data back into his home folder from the holding area as an administrator, the security is foobar.  Security for that user is NOT recreated and the user does NOT have access to the files and folders.  (this is where I started fiddling and originated this question).  
o      Ergo, I deleted all his folders (again) and this time, I logged in as the user, copied the files from the holding folder into the home folder and security then applied properly.
-      If there is/was another way to do this, I’m eager to learn.  
-      I had two open tickets and talked with three, supposedly, levels of support at Microsoft and they had no answers.  They didn’t recommend moving the folders through the check box on the redirection setup check boxes in GPO nor did they recommend returning the files to the local machine check box, taking users out of GPO and then reassigning to new GPO.  Thus my moving files out before changing their GPO assignment. I don’t know why they said these things but I didn’t argue.  
In the end all is working.  
-      Take ownership.
-      Copy files out to holding area.
-      Give user full control security to holding folder.
-      Move user to new GPO.
-      Update GPO.
-      Login user and wait……..
-      Move/copy files back to redirected folders.
-      Done.

Again, thanks for all your help and suggestions.
0
 
LVL 8

Expert Comment

by:Tim Edwards
ID: 40400100
Glad you were able to figure it out
0
 

Author Closing Comment

by:davebird
ID: 40419021
Not the best solution but it worked.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now