Sign in with
Sign up | Sign in
Your question

share&directory permissions question

Tags:
  • File System
  • Microsoft
  • Permissions
  • Windows
Last response: in Windows 2000/NT
Share
Anonymous
July 29, 2004 2:49:01 PM

Archived from groups: microsoft.public.win2000.file_system (More info?)

From: "Eddie Walker" <ewalker3@prodigy.net>
Subject: help file share and director permission
Date: Wednesday, July 28, 2004 11:52 PM

Hey guys,
Haveing a total mind block here.

Moved to a new sever, and attempted to recreate the share and directory
permissions for the user home directory share. which ends up as the users K
drive
(each user has folder based on their login name). I want to prevent users
from being able to write to K:\, but not to their own user folder K:\SmithJ
for example.

I have a share called userdata with Modify permissions for the users,
directory permissions is set to READ/LIST/
i noticed that users appear to be able to write to the K:\ portion of the
directory.

how can i prevent that?

If i set the share permission for the users to READ, they are unable to save
to their folder on the userdata directory. even though the effective
permissions for the directory say read/write etc.

what am I missing?

Ed

More about : share directory permissions question

Anonymous
July 29, 2004 7:26:02 PM

Archived from groups: microsoft.public.win2000.file_system (More info?)

On Thu, 29 Jul 2004 10:49:01 -0400, "Eddie Walker" <ewalker3@prodigy.net> wrote:

>
>From: "Eddie Walker" <ewalker3@prodigy.net>
>Subject: help file share and director permission
>Date: Wednesday, July 28, 2004 11:52 PM
>
>Hey guys,
>Haveing a total mind block here.
>
>Moved to a new sever, and attempted to recreate the share and directory
>permissions for the user home directory share. which ends up as the users K
>drive
>(each user has folder based on their login name). I want to prevent users
>from being able to write to K:\, but not to their own user folder K:\SmithJ
>for example.
>
>I have a share called userdata with Modify permissions for the users,
>directory permissions is set to READ/LIST/
>i noticed that users appear to be able to write to the K:\ portion of the
>directory.
>
>how can i prevent that?
>
>If i set the share permission for the users to READ, they are unable to save
>to their folder on the userdata directory. even though the effective
>permissions for the directory say read/write etc.
>
>what am I missing?
>
>Ed
>
>
>
Share Permission: Authenticated Users - Full Control

NTFS Permission on userdata, with inheritance on the sub-folders of userdata
enabled:

Authenticated Users - Read/List
Administrators - Full Control
Creator Owner - RWXD

After you do the above,, set the user as the owner of their folder.

To script it
Download subInACL from tip 6705 in the 'Tips & Tricks' at http://www.jsiinc.com
Using GetUsers.bat from tip 7964, run the following on
the userdata server:

@echo off
setlocal
for /f "Tokens=*" %%u in ('getusers') do (
subinacl /subdirectories "C:\userdate\%%u\*.*" /setowner="%USERDOMAIN%\%%u"
)
endlocal



Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
!