windows server 2008

share permission

we have 2 shares folder  share1  share 2which are writeable by the Everyone group.(windows server 2008 r2)
 
Also the Everyone group has access to the users folder in some areas.
Everyone group has write access, there are some unsecured ‘My Documents’ folders containing files from various users, the Everyone group can access some user folders.
 
the main thing is to lockdown access to individual users so personal home drives aren’t open to everyone.
can I remove everyone group?

the individual users only have access to their specific user folder and no-one else.



but how do I do for 50 users in that share 1 folder , do I need to do manually
pramod1Asked:
Who is Participating?
 
Lasse BodilsenConnect With a Mentor System AdministratorCommented:
The way i handle this in our system:

Have a shared folder on "Server1" with subfolders for each user.  and then with GPO assign that subfolder to the user under "User Configuration / Preferences / Windows Settings / Drive Maps"

and set the location to:   \\Server1\users$\%username%

that will only let the user see their own drive.  on the server i have restricted access to each users subfolder, to only this user, and no one else.  so that part will have to be done manually.
0
 
William MillerInventory/IT ConsultantCommented:
If you're worried about access to the C drive, that should be disabled by default for anyone that doesn't have admin access on the machine that drive resides on.
0
 
pramod1Author Commented:
can I do this:Make the Everyone FULL CONTROL on the share.
 REMOVE Evenyone from the list on the security tab
 ADD the groups (or users if you must) to the security tab and assign them the permissions you want them to have
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Lasse BodilsenSystem AdministratorCommented:
Yes that is possible.

right click main folder, then Go to Advanced in the Security tab.  Disable inheritance, and set the Everyone group up for "this folder only"

then add the users to the sub folders one by one.
0
 
pramod1Author Commented:
but we did for 1 user in share folder 1 , there are 50 of them is there any script or something we can do
0
 
NVITCommented:
> but we did for 1 user in share folder 1 , there are 50 of them is there any script

You need a script using icacls.

I'm on the road now. If someone doesn't give you a solution before i arrive, I'll give you one.
0
 
pramod1Author Commented:
need to back up share1  folder before making changes, should I use wbadmin command?
0
 
NVITCommented:
> should I use wbadmin command?
That's fine. Whatever you usually use.

Regarding your needs: For each user's folder, including subfolders, do you want just that user to access it? No other user can read or write anywhere in that user's folder?

Please clarify.
0
 
pramod1Author Commented:
yes that is correct but I have kept Everyone FULL CONTROL on the share.
  and removed Everyone from the list on the security tab
0
 
NVITCommented:
> kept Everyone FULL CONTROL on the share.
That can cause access issues, giving users more rights than needed. In your case, giving Change/Modify on the share is sufficient. Then, give Modify rights via NTFS security permissions. Even Microsoft says Another approach is to set share permissions to Full Control for the Everyone group and to rely entirely on NTFS permissions to restrict access, but that's wrong. See https://www.experts-exchange.com/questions/28955946/customize-Windows-explorer-such-that-Everyone-can't-get-selected-when-users-do-folder-sharing.html#a41695298
0
 
NVITCommented:
What permissions do you want to give each users folder? I presume the modify right for the user. Also, other users can't view that users folder. This would apply for each user. Correct?
0
 
pramod1Author Commented:
yes
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.