+ Post New Thread
Results 1 to 4 of 4
Windows Server 2008 R2 Thread, fixing exclusive permissions mistake in Technical; Can anyomne thinkm of a quick way to fix the fact i appeared to have left the tick on give ...
  1. #1


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,647
    Thank Post
    229
    Thanked 865 Times in 743 Posts
    Rep Power
    297

    fixing exclusive permissions mistake

    Can anyomne thinkm of a quick way to fix the fact i appeared to have left the tick on give users exclusive rights to their downloads folder in folder redirection. I dont fancy manually having to fix them all

    in a similar vane are their any script out there that will allow me to move the random documents/folders in a persons user area to a documents folder but leave pics/music/desktop etc alone so i dont have the 2008 folder etc filled with my documents rather than the user name

  2. #2

    ZeroHour's Avatar
    Join Date
    Dec 2005
    Location
    Edinburgh, Scotland
    Posts
    5,750
    Thank Post
    918
    Thanked 1,336 Times in 816 Posts
    Blog Entries
    1
    Rep Power
    448
    Coud you possibly post your share stucture for a typical user? It doesn't need to have real names.
    e.g.
    \\SERVER\share\users\{username\downloads
    \\SERVER\share\users\{username\my docs\downloads

    Depending on your permissions for the *users* directory shown above you could have a simple quick fix.

  3. #3


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,647
    Thank Post
    229
    Thanked 865 Times in 743 Posts
    Rep Power
    297
    d:\users\2008\username\my pictures
    d:\users\2008\username\my music etc

    the idea is so that their user drive just has folders in no "what i did on holiday.doc" that should be in documents then desktop.ini is no longer an issue

    had a quick test script on a copy of some random kids user area (and granted this need some %%u in it but seems to work to move all but the system folders (so favorites desktop etc) but im open to opinions

    Code:
    robocopy c:\test\6mmuteb\ c:\test\6mmuteb\documents\ /move /xd "contacts" "desktop" "downloads" "favorites" "links" "my music" "my pictures" "my videos" "saved games" "searches" "documents" /mir
    Last edited by sted; 11th March 2013 at 04:33 PM.

  4. #4

    ZeroHour's Avatar
    Join Date
    Dec 2005
    Location
    Edinburgh, Scotland
    Posts
    5,750
    Thank Post
    918
    Thanked 1,336 Times in 816 Posts
    Blog Entries
    1
    Rep Power
    448
    First things first, DO NOT TAKE OWNERSHIP OF ANY USER FILES/FOLDERS
    If you do fixing this will take a lot longer.
    As long as {username} is owned by the person (you wont be able to view this currently as they are exclusive but take over a test account's folder to grab a screenshot of permissions before deleting it or changing ownership back.
    One thing, if your using roaming profiles, the profiles are not located beneath that {username} dir? It has an additional gotcha where if you try to log into an account who is not owner of the profile (doesnt need to be exclusive), loading the proflle will fail.
    To quickly fix exclusive permissions issue you can reset permission inheritance on the 2008 folder (right click the 2008 folder) then ensure that CREATOR OWNER applies to subfolders and files. The 2008 directory should allow x usergroup to create folders in the 2008 folder but NOT apply to subfolders/files otherwise everyone can see everyone's files so you have to use advanced permissions window. Ensure domain admins and SYSTEM have permissions to 2008 and applies to subfolders and files which will allow you to access/backup files. The permissions for 2008 should be like this roughly:
    X USERGROUP => Create folders, apply to this folder only
    CREATOR OWNER => full rights (if you want that), apply to subfolders and files
    DOMAIN ADMIN GROUP/SYSTEM => Full rights, apply everywhere

    Now when you reset permissions and apply to subfolders and files in the properties dialogue all the beneath directories will be reset to match this pattern. The CREATOR OWNER gets replaced with the user who has ownership to the file/folder automatically unless they are not owner.
    That should fix the exclusive problem at least.
    To redirect the directories to subfolders specify a directory of path \\server\share\2008\%username%\ {my pics/my music/etc} which will result in the username dir being created automatically. When editing the GP there is another gotcha where it doesn't sometimes show the setting correctly when you reopen the GPO even though its set correctly so just go canny when tweaking those settings.

    Let me know how you get on.

SHARE:
+ Post New Thread

Similar Threads

  1. Probably a simple permission fix...
    By Little-Miss in forum Windows
    Replies: 1
    Last Post: 25th March 2010, 02:17 PM
  2. Whats best, Fixed or Dynamic IP?
    By ninjabeaver in forum Wireless Networks
    Replies: 20
    Last Post: 19th February 2009, 07:01 PM
  3. Cubasis - not previewing as you play [FIXED]
    By mark in forum Educational Software
    Replies: 13
    Last Post: 30th December 2005, 09:30 AM
  4. Keep them permissions!
    By woody in forum Windows
    Replies: 5
    Last Post: 2nd August 2005, 11:15 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •