Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Windows 2012 Folder Permissions Issues

Posted on 2016-07-14
5
Medium Priority
?
85 Views
Last Modified: 2016-08-12
we have a windows 2012r2 file server and setup a shared folder on drive d: to all our users that have a profile setup in active directory to connect to their H: drive. It was orginal on a Windows 2008 server and moved it to the new Windows 2012r2 server and having issues with permissions. The folder tree is on drive d: and its  \share\drives\faculty\ and then the user name. What permissions do i need to give the folder so that only that user has access to his or her folder inside of \share\drives\faculty and no one elses.
0
Comment
Question by:Jre19611
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 43

Accepted Solution

by:
Adam Brown earned 2000 total points
ID: 41711033
Each folder needs to be owned by the user that needs access to it. Here's probably the best way to handle it:

on \\share\drives\faculty folder:
Remove Permission inheritance (Right click folder, Properties, security tab, advanced, Disable Inheritance, when prompted, select the option to remove inherited permissions)
Add read and write permission for Domain Users. Set this permission to apply only to the Faculty folder (this allows the creation of new user folders by the system)
Grant CREATOR OWNER (this is what the system account uses to apply permissions to the user account/group set as the folder owner) full access permission. Set this permission to apply to all folders, objects, and children objects.
If you want Administrators to be able to access the shared folders (I recommend this unless you have regulator compliance requirements forbidding it), grant Read permissions to the Administrators group and have that apply to all folders, objects, and child objects.

Once that is all done, you'll have to go through each folder to make sure that the user who owns each folder is set the be the person who needs to access it, and make sure permission inheritance is enabled.

That will give the shared folders the permissions necessary to apply folder redirection and H: drive access to the users. You can also turn on Access Based Enumeration on the share to prevent users from being able to see all the other folders in the root folder.
0
 
LVL 10

Expert Comment

by:Vince Glisson
ID: 41711040
Can you post the current permissions on the faculty folder?


Do you still have the 2008 server? You can check how the structure of that share was originally setup.
0
 

Author Comment

by:Jre19611
ID: 41711142
The current permissons are as follows on the Windows 2012 server Faculty folder.

Under security tab it shows: system; administrator@domain; faculty@domain; administrator@local; administrators@local;

no old server to go by.
0
 
LVL 43

Expert Comment

by:Adam Brown
ID: 41711167
You'll want to view those permissions in the Advanced permission window (click advanced when viewing the security tab). Edit Faculty@domain and make sure that one is set so it applies "Only to this Object". If you don't want administrator accounts to be able to read the files in each folder, make sure all the other settings are the same. Add CREATOR OWNER to the permission list and grant it read and write permission, then make sure each folder is owned by the user it belongs to.
0
 
LVL 10

Expert Comment

by:Vince Glisson
ID: 41711203
CREATOR OWNER will be special permissions
SYSTEM will be full control
Faculty will be full control
Domain admins group will be full control
Administrators group (server\Administrators will be full control

You can loop back later and edit permission on the admin accounts that you don't want to be able to get into users folders , but domain and or enterprise admins will need access to them.
0

Featured Post

Tech or Treat! - Giveaway

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
The article will show you how you can maintain a simple logfile of all Startup and Shutdown events on Windows servers and desktops with PowerShell. The script can be easily adapted into doing more like gracefully silencing/updating your monitoring s…
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question