We help IT Professionals succeed at work.

Usershare permissions

91 Views
Last Modified: 2019-01-10
Hello Experts, I hope that you can help me with this issue. We recently migrated our file shares to a new server. We use the home folder with AD to map out usershares. These accounts were updated via AD and all 600 employees can now access there shares and data on the new server. The problem is, the permissions are now out of whack. All users can access all other shares and make changes. If this were a brand new share with no usershares, this would be easy to fix. But i don't want to go through 600 shares and set permissions for that specific user and domain admins. Is there an easier way to do this or am I up the creek on this one?

Thank you
Comment
Watch Question

Darrell PorterEnterprise Business Process Architect
CERTIFIED EXPERT

Commented:
Smart-arsed question:  Have you heard of Powershell?

Seriously, though, I would use a Powershell script to iterate through the user objects within AD, search the folder filled with user home folders for that user's folder and set the permissions on that folder as appropriate.  The shares' permissions can be Everyone->Change, but the folder level permissions should be set per-user by the script.

Author

Commented:
Haha, I think I have ; ). Unfortunately, I am the resident network admin and have "inherited" this mess so I don't have that much experience with Powershell. Any ideas where I could find such a script already built and that i can just adjust to suit this issue?

Thanks
Shaun VermaakSenior Consultant
CERTIFIED EXPERT
Awarded 2017
Distinguished Expert 2019

Commented:
Using SetACL and PowerShell
$UserFoldersPath = "E:\UserData";
$UserFolders = Get-ChildItem $UserFoldersPath -Directory;
foreach ($UserFolder in $UserFolders)
{
    SetACL.exe -on "$($UserFoldersPath)\$($UserFolder)" -ot file -actn ace -ace "n:Domain\$($UserFolder);p:change" -ace "n:system;p:full" -ace "n:Administrators;p:full" -actn setprot -op "dacl:p_nc;sacl:p_nc"
}

Open in new window

https://helgeklein.com/setacl/

Author

Commented:
Thank you, I'll give it a whirl.
System Admin
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Thanks guys, I ended up using the NTFS security module in PowerShell. Thanks you again and I copied that script you listed for future use. Have a good day.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.