+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 16
Windows Server 2008 R2 Thread, NEED URGENT HELP WITH FOLDER SECURITY! :'( in Technical; Hey Guys Hoping one of you geniuses can give me a hand here! We have an admin folder where all ...
  1. #1

    abillybob's Avatar
    Join Date
    May 2013
    Location
    Shropshire
    Posts
    2,529
    Thank Post
    226
    Thanked 315 Times in 231 Posts
    Rep Power
    207

    NEED URGENT HELP WITH FOLDER SECURITY! :'(

    Hey Guys

    Hoping one of you geniuses can give me a hand here! We have an admin folder where all the admin stuff such as attendance etc.. is. It sits on the staff share so everyone has been able to see it and open the documents inside which the head teacher flipped about and wants only the admin staff to be able to access it.

    Easy enough I thought I will simply add all the admin staff into a AD Security Group and delete all the other Users/Groups who have access to the folder in security I will then give this Group Full Control and none else including the Administrator Username.

    It hasn't worked like that none can access anything and the files and sub folders can't even be accessed by me the administrator! I'm really worried now as I have just checked and our FRIGGING BACKUP has failed! I'm loosing the will to live someone please help!


  2. #2
    BKGarry's Avatar
    Join Date
    Mar 2006
    Location
    Kent
    Posts
    916
    Thank Post
    93
    Thanked 119 Times in 96 Posts
    Rep Power
    47
    ok, you should be able to take ownership of the folder, using the instructions in the link below, to get the administrator account its access back, then try the security policies again.

    Take Ownership of a File or Folder

    I have done this before, it is worrying, but it is all still there, you will be fine :-)

  3. #3
    Jamman960's Avatar
    Join Date
    Sep 2007
    Location
    London/Kent
    Posts
    988
    Thank Post
    186
    Thanked 194 Times in 156 Posts
    Rep Power
    46
    You may need to take ownership of the folder plus subfolders/files and then re-do the permissions(security>advanced>ownership). Did you enter any deny permissions entries? these override any grant's that are in place.

    Also in general I'd always leave the domain admins group with read permissions at the very least to allow backups to be performed

  4. #4

    abillybob's Avatar
    Join Date
    May 2013
    Location
    Shropshire
    Posts
    2,529
    Thank Post
    226
    Thanked 315 Times in 231 Posts
    Rep Power
    207
    Ok I've took ownership of the folder and some files seem to open the others say they're corrupt and cannot be opened. The flaming backup hasn't backed up that one particular folder for some odd reason and I can't get it back.

  5. #5

    abillybob's Avatar
    Join Date
    May 2013
    Location
    Shropshire
    Posts
    2,529
    Thank Post
    226
    Thanked 315 Times in 231 Posts
    Rep Power
    207
    Yep still not working, a select few of the folders have padlocks next to them and when I try to open a word document or PDF inside of them it says I do not have the rights to access the files!? GAHHH

  6. #6
    soveryapt's Avatar
    Join Date
    Jan 2009
    Location
    Lancashire
    Posts
    2,402
    Thank Post
    648
    Thanked 277 Times in 244 Posts
    Rep Power
    78
    Did you tell it to propagate the child folders with the new ownership / access permissions when you took ownership as it just sounds like it's not been through the process of updating the child folders of that top level admin folder.

    Also, when you were locking it down, how did you go about that? The one rule to remember (that I learned in a very similar way to how you sound to be now) is don't check deny on the upper-most level that a staff member might have (so if the admins are a member of users, staff and schooladmins, if you check to Deny access on staff or users, this will also apply to the schoolsadmins group). Only use Deny to explicitly make sure a particular group (say students) can't access the folder. If you don't want staff to access it, just remove all the groups other than the one you do want to access it, then Windows normally will behave.

    As others have mentioned though, may sure you leave at least some admin read access for backups and such.

    Hope you get it sorted.

  7. #7

    abillybob's Avatar
    Join Date
    May 2013
    Location
    Shropshire
    Posts
    2,529
    Thank Post
    226
    Thanked 315 Times in 231 Posts
    Rep Power
    207
    It seems that some folders and files within the admin area aren't updating their permissions, there are far too many files to edit the permissions one by one can someone please help me I'm really stressed out should have left work over an hour ago now!

  8. #8
    fairm010's Avatar
    Join Date
    Jun 2010
    Location
    C:/Windows/System32/
    Posts
    1,168
    Thank Post
    47
    Thanked 151 Times in 132 Posts
    Rep Power
    46
    Alex you need to tick this box which will push all perms set on that folder down to all children

    billybob.png

  9. #9
    fairm010's Avatar
    Join Date
    Jun 2010
    Location
    C:/Windows/System32/
    Posts
    1,168
    Thank Post
    47
    Thanked 151 Times in 132 Posts
    Rep Power
    46
    Also, we have a different folder, on a different drive shared to Admin users mapped as a separate drive for this purpose.

  10. #10

    abillybob's Avatar
    Join Date
    May 2013
    Location
    Shropshire
    Posts
    2,529
    Thank Post
    226
    Thanked 315 Times in 231 Posts
    Rep Power
    207
    Ah hold on I think it's worked if you two @faim010 & @soveryapt are right YOU ARE LEDGENDS

  11. Thanks to abillybob from:

    soveryapt (2nd June 2014)

  12. #11

    Ephelyon's Avatar
    Join Date
    Aug 2008
    Location
    Cheshire, England
    Posts
    1,661
    Thank Post
    288
    Thanked 318 Times in 192 Posts
    Rep Power
    141
    EDIT: Didn't see the new posts!

    Try opening a command prompt and navigating to the folder above this admin one, then running this:

    takeown /a /r /f FolderName

    See what messages you get. I'm around for another half hour or so.

  13. #12
    soveryapt's Avatar
    Join Date
    Jan 2009
    Location
    Lancashire
    Posts
    2,402
    Thank Post
    648
    Thanked 277 Times in 244 Posts
    Rep Power
    78
    If you right click on the main folder, and click properties, then click on the security tab and click Advanced.

    On the Owner Tab of the advance, click Edit and choose the admin group / your account (which ever it is your trying to get back control to). The ones you can choose should be listed in the box.

    Underneath that, there is a box "Replace Owner on subcontainers and objects" - make sure this is checked then click ok.

    This will then go through the process of updating the owner on all the contents of that folder.

    Once done, you can then in the advanced settings go into the Permissions Tab and click on "Change Permissions" which will bring up a page for you to set permissions on.

    If you're doing custom permissions and this folder is within an existing structure staff have access to, then uncheck the "include permissions from this object's parent" box and also make sure you check the "Replace all child object permissions with inheritable permissions from this object" and then set the permissions for people you want to access the folder.

    Personall, I would remove all the ones there, add the standard administrators group to it with full control (assuming staff aren't admins) and then add the group for the admin staff on there with full control, this should then mean anyone outside of those 2 groups cannot access this folder. You could of course limit either of those groups to only have specific controls, but to get it working, the above should be fine.

    Click ok and it should go through the process of updating all the child object permissions and such (you'll probably get an Are You Sure box).

    Then, log on as a member of staff to make sure they can't access it, if they can't, brilliant, then log on as a member of admin staff (set up test accounts if no one is about to do this for you if you don't have them already) and if they can access it, job done, go home, and take some EduHobNobs and Whiskey with you!

  14. #13

    abillybob's Avatar
    Join Date
    May 2013
    Location
    Shropshire
    Posts
    2,529
    Thank Post
    226
    Thanked 315 Times in 231 Posts
    Rep Power
    207
    You've done it both of you are life saviours cheers

  15. Thanks to abillybob from:

    soveryapt (2nd June 2014)

  16. #14
    fairm010's Avatar
    Join Date
    Jun 2010
    Location
    C:/Windows/System32/
    Posts
    1,168
    Thank Post
    47
    Thanked 151 Times in 132 Posts
    Rep Power
    46
    Any time Alex xD

  17. #15
    soveryapt's Avatar
    Join Date
    Jan 2009
    Location
    Lancashire
    Posts
    2,402
    Thank Post
    648
    Thanked 277 Times in 244 Posts
    Rep Power
    78
    Quote Originally Posted by abillybob View Post
    You've done it both of you are life saviours cheers
    No probs, been there, done it .. glad you're sorted!

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Need Help with folder ownership in windows 7
    By mrb-solutions in forum How do you do....it?
    Replies: 9
    Last Post: 2nd August 2010, 10:28 AM
  2. Replies: 2
    Last Post: 10th October 2009, 11:12 PM
  3. Replies: 11
    Last Post: 7th March 2008, 02:28 PM
  4. I need basic help with Thinstaion hard disk deployments.
    By snsweigel in forum Thin Client and Virtual Machines
    Replies: 9
    Last Post: 4th March 2008, 07:44 PM
  5. Urgent help with JA Trans Menu V2.0 for joomla
    By gh256 in forum Web Development
    Replies: 8
    Last Post: 22nd November 2007, 04:03 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •