User Home folder security is whacked. How do I regen appropriate security

I just moved a users home folder into a new share on a new server.  Because of the massive load of files it would have transferred from the old server to the new server, I moved them all to a temporary folder before changing his group GPO for home folders. Logged him out. Logged him in. Folder was created. Copied his "my documents" folder(s) into his new home folder area.  A few files/folders had security issues so, yep, I fiddled.  
How do I set his security on home folders back to what they would be if users folders were just recreated?
David BirdPartnerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tim EdwardsIT Team Lead - Unified Communications & CollaborationCommented:
Were  you able to copy all the files and folders over into his new Home folder?

If so once they are there go to the top level of his home folder, right click and to security. click on advanced.

Check off "replace permissions on all child objects with entries shown here that apply to child objects" and click apply.

This will populate the top level permission all the way down the files and folders.

Here a link about NTFS permissions and what they effect:

http://www.ntfs.com/ntfs-permissions-file-advanced.htm
0
David BirdPartnerAuthor Commented:
It didn't change permissions on any of the folders I copied into his home "my documents" area.  User has access to \\share\homefolder$\<user>, but anything migrated/copied, ie,  desktop and my documents files, no access.  Security shows "special" permissions, but no access.
If I create a new folder in My documents, user has access and create/delete controls.  
Did I miss something on how to get the security on the folders and files I copied INTO his home folder to regen? I tried from the <user> folder and regenerated AND to the My documents folder and regenerated. No love.
0
Tim EdwardsIT Team Lead - Unified Communications & CollaborationCommented:
Can you verify the permissions on the users folder, then compare them to the desktop, my documents etc..

As well on the my documents go to advanced and verify the it is inheriting from the top level is checked
0
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

ViruScanCommented:
you need to either become the owner of root folder <user>X and all sub directories (\\share\homefolder$\<user>) (Right click on root folder - properties - Security - advanced - Owner - edit - you select your name or admin name (if you're an admin). and apply.

Once set, then you just add him to the permissions with either FULL or MOD permissions.
0
David BirdPartnerAuthor Commented:
Thank you for your responses.  Here's what I have learned by trial/error.

Steps I took.
-      I took ownership control of the user’s home folder on the old server, and put him back on as full rights so he could still work. This was necessary because in the olden days that redirection folders were created, administrator(s) was NOT allowed access to home folders.
o      Once I had access, I moved all of the “my documents“ folders and files OUT of that folder leaving just an empty my documents folder.  I had to do this because
      IF I left the files in there, when they moved to the new server, they retained their OLD folder security and Administrator was still not allowed access to the new home folder even though in the new folder redirection security the administrator does have rights. Don’t know why, it just is the way it is.
      He had nearly 15 gigs of files (yes, I’m helping him understand this is a bad thing) and logging in the first time after you move to a new redirected home folder takes about 25-60 minutes with a clean profile.  That would have taken all day.
o      I then put the user in the new GPO and logged the user in.  After the necessary slow login for the first time, everything is working as designed in the new redirection folders.
Anything created new as that user is created normally and with proper access rights. (yea so far).  
o      If I copy the data back into his home folder from the holding area as an administrator, the security is foobar.  Security for that user is NOT recreated and the user does NOT have access to the files and folders.  (this is where I started fiddling and originated this question).  
o      Ergo, I deleted all his folders (again) and this time, I logged in as the user, copied the files from the holding folder into the home folder and security then applied properly.
-      If there is/was another way to do this, I’m eager to learn.  
-      I had two open tickets and talked with three, supposedly, levels of support at Microsoft and they had no answers.  They didn’t recommend moving the folders through the check box on the redirection setup check boxes in GPO nor did they recommend returning the files to the local machine check box, taking users out of GPO and then reassigning to new GPO.  Thus my moving files out before changing their GPO assignment. I don’t know why they said these things but I didn’t argue.  
In the end all is working.  
-      Take ownership.
-      Copy files out to holding area.
-      Give user full control security to holding folder.
-      Move user to new GPO.
-      Update GPO.
-      Login user and wait……..
-      Move/copy files back to redirected folders.
-      Done.

Again, thanks for all your help and suggestions.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Tim EdwardsIT Team Lead - Unified Communications & CollaborationCommented:
Glad you were able to figure it out
0
David BirdPartnerAuthor Commented:
Not the best solution but it worked.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.