Avatar of CRC IT Team
CRC IT TeamFlag for United States of America asked on

Usershare permissions

Hello Experts, I hope that you can help me with this issue. We recently migrated our file shares to a new server. We use the home folder with AD to map out usershares. These accounts were updated via AD and all 600 employees can now access there shares and data on the new server. The problem is, the permissions are now out of whack. All users can access all other shares and make changes. If this were a brand new share with no usershares, this would be easy to fix. But i don't want to go through 600 shares and set permissions for that specific user and domain admins. Is there an easier way to do this or am I up the creek on this one?

Thank you
Windows Server 2012* Usershares

Avatar of undefined
Last Comment
CRC IT Team

8/22/2022 - Mon
Darrell Porter

Smart-arsed question:  Have you heard of Powershell?

Seriously, though, I would use a Powershell script to iterate through the user objects within AD, search the folder filled with user home folders for that user's folder and set the permissions on that folder as appropriate.  The shares' permissions can be Everyone->Change, but the folder level permissions should be set per-user by the script.
ASKER
CRC IT Team

Haha, I think I have ; ). Unfortunately, I am the resident network admin and have "inherited" this mess so I don't have that much experience with Powershell. Any ideas where I could find such a script already built and that i can just adjust to suit this issue?

Thanks
Shaun Vermaak

Using SetACL and PowerShell
$UserFoldersPath = "E:\UserData";
$UserFolders = Get-ChildItem $UserFoldersPath -Directory;
foreach ($UserFolder in $UserFolders)
{
    SetACL.exe -on "$($UserFoldersPath)\$($UserFolder)" -ot file -actn ace -ace "n:Domain\$($UserFolder);p:change" -ace "n:system;p:full" -ace "n:Administrators;p:full" -actn setprot -op "dacl:p_nc;sacl:p_nc"
}

Open in new window

https://helgeklein.com/setacl/
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
ASKER
CRC IT Team

Thank you, I'll give it a whirl.
ASKER CERTIFIED SOLUTION
Robert

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
CRC IT Team

Thanks guys, I ended up using the NTFS security module in PowerShell. Thanks you again and I copied that script you listed for future use. Have a good day.