+ Post New Thread
Results 1 to 5 of 5
Windows Thread, User's Network Home Folder Permissions in Technical; I was going through random Users Home Folder NTFS Permissions and noticed that from the primary level down they all ...
  1. #1

    Join Date
    Jun 2008
    Posts
    719
    Thank Post
    118
    Thanked 64 Times in 52 Posts
    Rep Power
    31

    User's Network Home Folder Permissions

    I was going through random Users Home Folder NTFS Permissions and noticed that from the primary level down they all have Modify permissions under the Authenticated Users group.

    My storage of peoples' home folders are as follows:

    From Server
    D:\Users\Admin\Username
    D:\Users\Pupils\Intake Year\Username
    D:\Users\Teaching Staff\Username
    D:\Users\Non-teaching Staff\Username
    D:\Users\System Administrators\Username

    Mapped as:
    \\servername\users$\Admin\%username%
    \\servername\users$\Yeargroup\Intake Year\%username%
    \\servername\users$\Teaching Staff\%username%
    \\servername\users$\Non-teaching Staff\%username%
    \\servername\users$\System Administrators\%username%

    Permissions are set from the Users folder:
    Administrators: Full
    Backup Operators: Full
    Authenticated Users: Modify
    System: Full

    My problem is, is that someone such as a non-teaching staff member can view other people's user area by using Windows Media Player (Tools --> Rip Music --> Change (location of storage)).

    Is there a way I can reset all the permissions so that everybody has either Full or Modify NTFS permissions on their own home folder but no where else?

    Effectively meaning that people's home drives get mapped as \\severname\username$ rather than \\servername\users$\non-teachingstaff\username.

    Furthermore, the permissions then read on a person's folder like this:

    Administrators: Full
    Joe Bloggs: Modify
    Backup Operators: Full
    System: Full


    Have I made sense?
    Simply put, I want to set up NTFS permissions in the way it's done on an RM CC3 network for its users.

  2. #2
    DrPerceptron's Avatar
    Join Date
    Dec 2008
    Location
    In a house
    Posts
    926
    Thank Post
    34
    Thanked 134 Times in 114 Posts
    Rep Power
    41
    By the sounds of it... you still need to use the folder paths when mapping drives, but with correct NTFS permissions, it doesn't matter because only the relevant people can go where they should.

    Really, on parent folders, you want just a Traverse Folders/Execute Files (I believe that lets people access their subfolder but not present any folders if they browse)

    Then once they reach their own folder, as you rightly updated, just their own permission... it's upto you whether you allow staff access to student areas...


    If you go to the Advanced section of the Security tabs, you can use effective permissions to see what kind of permissions you would get as xyz user, handy for checking if it's correct.

    As for en-masse (?) you can use CACLS, XCACLS or the VB variant (subinacl?) to change the permissions... but you'd want to set your parent folder permissions first, then loop through the rest individually.


    NB: make sure you set Traverse permissions on "this folder".

    NB2: That's the short of how it's setup here... although we split our staff and students away from eachother so they can't do anything regardless of correct/incorrect NTFS permissions.

  3. #3

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,600
    Thank Post
    109
    Thanked 769 Times in 598 Posts
    Rep Power
    181

  4. #4

    Join Date
    May 2009
    Location
    UK
    Posts
    294
    Thank Post
    64
    Thanked 21 Times in 20 Posts
    Rep Power
    15
    I don't know if MS 274443 might be of interest. I used it in a test lab a while ago and the explicit permissions detailed in it seem to work nicely.

  5. #5

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    I don't know if MS 274443 might be of interest.
    At a glance it looks the same, so here's a better link for that method with screenshots etc.: MS DS Team blog

    I think it works nicely too.

SHARE:
+ Post New Thread

Similar Threads

  1. User home folder, unsure of problem
    By itschad in forum Wireless Networks
    Replies: 4
    Last Post: 12th September 2008, 05:03 PM
  2. Reset Home folder permissions
    By garym2000 in forum Windows
    Replies: 10
    Last Post: 29th March 2008, 11:16 AM
  3. User areas + User share permissions.
    By Dos_Box in forum Windows
    Replies: 6
    Last Post: 11th September 2007, 11:17 AM
  4. Users Home Folder and Network Drive
    By lovelldr in forum Windows
    Replies: 6
    Last Post: 6th August 2007, 10:17 AM
  5. Home paths in server 2k3 + full permissions to user
    By Oops_my_bad in forum Windows
    Replies: 7
    Last Post: 21st June 2007, 11:07 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •