Wireless Networks Thread, Random all users home folders available! in Technical; We have our year groups separated into different folders on the file server, i.e. Year 11's have a folder called ...
12th January 2009, 11:45 AM #1
Random all users home folders available!
We have our year groups separated into different folders on the file server, i.e. Year 11's have a folder called (for example) home11$, Year 10's home10$ and so on.
Within those folders are the students home folders. A typical path to a home folder is \\server_name\home11$\username.
We connect the students to their home folder (an 'N' drive) using Active Directory profile properties.
Recently, and randomly, when a student opens their 'N' drive, they are able to see all other students folders, and have read/write access.
Students should only have access to their own 'N' drives.
A profile reset usually resolves this problem, although the problem has repeated itself for some students.
Just in the early stages of investigating what's going wrong, so could anyone give me a suggestion as to what might be causing this to happen?
IDG Tech News
15th January 2009, 12:34 PM #2
Have you got anywhere with this yet I would love to know any more details?
Have you tried sharing each user folder instead and settings perms on both the home folder and the share for that particualr user.
15th January 2009, 12:37 PM #3
No real progress yet. What we are having to do is set permissions for each user for each home folder.
Originally Posted by danrhodes
Although we are still getting incidents of students being able to see other students folders, they now can't actually access them.
Previously they could both see and access the folders. We were getting some of the little darlings deleting other students work!
If anyone has any idea, anything, please put it down!
15th January 2009, 01:07 PM #4
Sounds like you have some NTFS permissions issues - if the only thing you have set up is the share permission e.g "year11$" - modify then try and map a student to "\\server\year11$\joebloggs" they will always be able to see, access and modify work in "\\server\year11$\anyfolder"
Originally Posted by Tx2online
You also need correct NTFS permissions on the subfolders - share permissions and NTFS permissions are not the same thing. You need both for 'belt and braces' type security. The only way the situation described could be occurring is if the NTFS permissions are not set on the home folders within the main share for each year group.
\\server\year11$\joebloggs - rw for joebloggs, full for admin/system, r for teachers
\\server\year11$\johnsmith - rw for johnsmith, full for admin/system, r for teachers
johnsmith cannot then access joebloggs folder and vice versa, even via share browsing.
When you have the NTFS permissions set correctly, my suggestion would be to install "Access Based Enumeration" on your server - this will hide any folders the user does not have read access to.
If you want to quickly set the permissions on your users home folders and they have the same folder name as user name, you can use a calcs script.
This is the one I use to quickly reset the permissions on our staff profiles -
for /D %%I in (*) DO XCACLS "%%I" /T /G BUILTIN\ADMINISTRATORS:F "NT AUTHORITY\SYSTEM":F "%%I":C /Y
This goes in a .bat file in the root folder where the profiles are stored. In English, it says "For every directory in this folder, take the folder name and apply RW permissions for the user with the same name as the folder, also add full control for Administrators and System"
15th January 2009, 01:22 PM #5
I had this problem when i moved the users home folder to a different server i added
NET USE H: \\server name\Users folder\%username% into the logon script i use and removed the home folder setting in AD
21st January 2009, 04:50 PM #6
when i moved folders in the past i used NT backup to backup and then restore them that way it keeps the security permissions
I need to run something like that script over our folders because we have directory listing / traverse folder set for authenticated users all the way down the tree from home.-> yearjoined->Username and sometimes the kids think they have found a big loophole when they are browsing down someone else's folder structure... till i point out when they try and open a file or delete a file it goes access denied :-)
Still i'd like to remove the Traverse right down at the Username Level..
By jjohnsoncantell in forum Windows
Last Post: 3rd March 2010, 02:00 PM
By johnnyTechy in forum Hardware
Last Post: 12th January 2009, 05:05 PM
By timbo343 in forum Virtual Learning Platforms
Last Post: 15th July 2008, 03:38 PM
By baronne in forum Scripts
Last Post: 20th August 2007, 02:20 PM
Last Post: 26th January 2007, 12:15 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)