Link to home
Avatar of CRC IT Team
CRC IT TeamFlag for United States of America

asked on

Usershare permissions

Hello Experts, I hope that you can help me with this issue. We recently migrated our file shares to a new server. We use the home folder with AD to map out usershares. These accounts were updated via AD and all 600 employees can now access there shares and data on the new server. The problem is, the permissions are now out of whack. All users can access all other shares and make changes. If this were a brand new share with no usershares, this would be easy to fix. But i don't want to go through 600 shares and set permissions for that specific user and domain admins. Is there an easier way to do this or am I up the creek on this one?

Thank you
Avatar of Darrell Porter
Darrell Porter
Flag of United States of America image

Smart-arsed question:  Have you heard of Powershell?

Seriously, though, I would use a Powershell script to iterate through the user objects within AD, search the folder filled with user home folders for that user's folder and set the permissions on that folder as appropriate.  The shares' permissions can be Everyone->Change, but the folder level permissions should be set per-user by the script.
Avatar of CRC IT Team


Haha, I think I have ; ). Unfortunately, I am the resident network admin and have "inherited" this mess so I don't have that much experience with Powershell. Any ideas where I could find such a script already built and that i can just adjust to suit this issue?

Using SetACL and PowerShell
$UserFoldersPath = "E:\UserData";
$UserFolders = Get-ChildItem $UserFoldersPath -Directory;
foreach ($UserFolder in $UserFolders)
    SetACL.exe -on "$($UserFoldersPath)\$($UserFolder)" -ot file -actn ace -ace "n:Domain\$($UserFolder);p:change" -ace "n:system;p:full" -ace "n:Administrators;p:full" -actn setprot -op "dacl:p_nc;sacl:p_nc"

Open in new window
Thank you, I'll give it a whirl.
Avatar of Robert
Flag of United States of America image

Blurred text
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Thanks guys, I ended up using the NTFS security module in PowerShell. Thanks you again and I copied that script you listed for future use. Have a good day.