share&directory permissions question

Archived from groups: microsoft.public.win2000.file_system (More info?)

From: "Eddie Walker" <ewalker3@prodigy.net>
Subject: help file share and director permission
Date: Wednesday, July 28, 2004 11:52 PM

Hey guys,
Haveing a total mind block here.

Moved to a new sever, and attempted to recreate the share and directory
permissions for the user home directory share. which ends up as the users K
drive
(each user has folder based on their login name). I want to prevent users
from being able to write to K:\, but not to their own user folder K:\SmithJ
for example.

I have a share called userdata with Modify permissions for the users,
directory permissions is set to READ/LIST/
i noticed that users appear to be able to write to the K:\ portion of the
directory.

how can i prevent that?

If i set the share permission for the users to READ, they are unable to save
to their folder on the userdata directory. even though the effective
permissions for the directory say read/write etc.

what am I missing?

Ed
1 answer Last reply
More about share directory permissions question
  1. Archived from groups: microsoft.public.win2000.file_system (More info?)

    On Thu, 29 Jul 2004 10:49:01 -0400, "Eddie Walker" <ewalker3@prodigy.net> wrote:

    >
    >From: "Eddie Walker" <ewalker3@prodigy.net>
    >Subject: help file share and director permission
    >Date: Wednesday, July 28, 2004 11:52 PM
    >
    >Hey guys,
    >Haveing a total mind block here.
    >
    >Moved to a new sever, and attempted to recreate the share and directory
    >permissions for the user home directory share. which ends up as the users K
    >drive
    >(each user has folder based on their login name). I want to prevent users
    >from being able to write to K:\, but not to their own user folder K:\SmithJ
    >for example.
    >
    >I have a share called userdata with Modify permissions for the users,
    >directory permissions is set to READ/LIST/
    >i noticed that users appear to be able to write to the K:\ portion of the
    >directory.
    >
    >how can i prevent that?
    >
    >If i set the share permission for the users to READ, they are unable to save
    >to their folder on the userdata directory. even though the effective
    >permissions for the directory say read/write etc.
    >
    >what am I missing?
    >
    >Ed
    >
    >
    >
    Share Permission: Authenticated Users - Full Control

    NTFS Permission on userdata, with inheritance on the sub-folders of userdata
    enabled:

    Authenticated Users - Read/List
    Administrators - Full Control
    Creator Owner - RWXD

    After you do the above,, set the user as the owner of their folder.

    To script it
    Download subInACL from tip 6705 in the 'Tips & Tricks' at http://www.jsiinc.com
    Using GetUsers.bat from tip 7964, run the following on
    the userdata server:

    @echo off
    setlocal
    for /f "Tokens=*" %%u in ('getusers') do (
    subinacl /subdirectories "C:\userdate\%%u\*.*" /setowner="%USERDOMAIN%\%%u"
    )
    endlocal


    Jerold Schulman
    Windows: General MVP
    JSI, Inc.
    http://www.jsiinc.com
Ask a new question

Read More

File System Microsoft Permissions Windows