Question

Locked

Disappearing Drives - simple but confounding

By lfruchter ·
Dear Wise Ones,

I'm setting up Win Server 2003 for my school and am experiencing strange behavior when I logon my test accounts.

We have a single domain/server with security groups for Admins, Teachers and Students.

The file area of the server has 5 partitions:

1) "Apps" for my use only, for now
2) "Public" for staff to place documents that other staff and students may copy
3) "Teachers" for folders into which students will place completed assignments
4) "Users" holding each user's individual directory
5) "Utils" for my use only

I've set up permissions on the partitions so that Students can
a] read but not write to Public
b] read the top level of Teachers (but not write) so that they can find a particular teacher's folder in which they should be placing their work
c] write to but not read the individual teacher directories in Teachers so that they can deliver their work without seeing or messing with anybody else's work

This seems simple enough and everything works great the first time I logon a test student account from a workstation. The second time I logon, however, the Teacher partition fails to show up in the student account. The third time I try it, the Public partition fails to show up.

The test account I have for the Teachers security group does not have these restrictions and works fine so far.

I'm testing this from a pretty old workstation, a Dell Latitude C610 running Win XPsp2.

Many thanks to anyone who can clue me in to what I'm doing wrong here.

Yours in need and gratitude,
Lev in Brooklyn

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Permission Inheritance

by BFilmFan In reply to Disappearing Drives - sim ...

How is permission inheritance configured on the folders?

Collapse -

Inheritance

by lfruchter In reply to Permission Inheritance

Right, they're just folders, not partitions. Thanks.

My test user account is a member of only the Students and Domain Users security groups.

The data partition of the server which holds all these folders does not include settings for the Students or Domain Users security groups although the groups "Users (my domain\Users)" and "Everyone" do allow Read & Execute, List and Read. "Authenticated Users" allows the same, along with Modify and Write. "Replace permission entries on all child objects..." is not checked for the partition.

The Teachers folder has "Allow inheritable permissions..." checked but not "Replace permission entries on all child objects..." because I want Students to be able to see the folders on Teachers but not see what's in the folders. Students also need to be able to Write into those folders but not in the top level Teachers folder itself. For the Students security group, I have allowed Read for the top level Teacher folder and denied Write.

Phew! I hope I supplied all the relevant information there. I'm really grateful for the interest you're taking and any help or guidance you have.

Best,
Lev

Collapse -

Shares? Drive mapping?

by james.jones In reply to Disappearing Drives - sim ...

Hehe. I feel your pain. Permissions will drive you mental when you're first learning, particularly because they seem so straightforward.

I'm assuming that you've shared these five folders. Presumably you didn't name the shares "Teachers$" -- the dollar sign will make them hidden. You didn't mention if you were just trying to browse the shares via "My Network Places" or if you had mapped the drives to drive letters. If you've done the drive mapping, you may wish to set them as persistent. This is done either with the "Reconnect at logon" checkbox in the "Map Network Drive" dialogue, or by use of the "/persistent" switch in the "net use" command if you're mapping with logon scripts. Like so:

[pre]net use M: \\Server\Mailbox /persistent:yes[/pre]

My personal golden rule (or Murphy's Law) on permissions (learned the hard way) is as follows:

There are TWO sets of permissions -- network sharing permissions and NTFS permissions. Of these two sets, whichever is the most restrictive will prevail.

In order to keep my sanity, I wound up completely undoing any semblance of security on the network sharing permission -- Everbody = Full Control. I handled all security at the NTFS level. I then named almost all of my shares with the dollar sign to hide them, and mapped drives to shares in the users' logon scripts based on a need-to-know basis. The NTFS is the real goods, and all of the rest is just security by obscurity -- people won't try to break into what they don't know is there.

Hopefully there's something useful in here. =D

Good luck,
-JimmyJazz

Collapse -

Problem isolated: hardware!

by lfruchter In reply to Shares? Drive mapping?

Thanks for the additional insight.

I narrowed down the problem. When I log in from an aged Dell Lat C610, I don't get the right drives. When I log in from a slightly less aged Dell Lat D505, I get just what I should.

Both machines run WinXPsp2. Any ideas what gives?

Much thanks,
Lev

Collapse -

Both Dells = Domain Computers?

by james.jones In reply to Problem isolated: hardwa ...

I've found that from a new workstation, I'm able to "join a domain" and logon as a user from that domain, and yet the new machine won't appear in the Active Directory Users & Computers snap-in on the server until I manually add it in. I didn't notice any problems at the time, but I bet I would've if I had taken the time to poke around enough. Perhaps the D505 is a member of the Domain Computers group and the C610 is not.

Just a guess...
-jj

Collapse -

Both in AD

by lfruchter In reply to Both Dells = Domain Compu ...

Thanks for the suggestion. The older machines are appearing in Active Directory just like they should. There's no problem with nesting OUs I create, right?

Collapse -

No, nesting shouldn't be a problem...

by james.jones In reply to Both in AD

I find that OUs behave very intuitively and never give grief. I'm not sure where to point you next. I'm out of ideas, I'm afraid.

Collapse -

Drives

by Wizard-09 In reply to Disappearing Drives - sim ...

How are the drives being mapped, via a logon script, i would also have a bat file with all the drives that need mapped in the system startup folder as a test to see if that maps the drives.

@echo off

echo: Mapping network drives

net use x: \\server\share\folder /persistent:yes
net use z: \\server\share\folder /persistent:yes

echo: Network mapping completed

Related Discussions

Related Forums