General discussion

Locked

Home Folder Security

By KingOfTheNerds ·
Hi All,

I have a Windows 2003 Server and I am running Clients with Mandatory Profiles so I setup a Group Policy through Active Directory to Redirect their My Documents folder to their home directory.

This has all worked fine except for the fact that without knowing I had the checkbox ticked "Grant the user exclusive rights to My Documents".

I have now realised that was a big mistake. Now logged in on the server as Administrator I can't access users My Documents in their home directory.

On the security Tab the only people with rights to look in the folder and modify etc is the Owner and SYSTEM.

Administrators is not there. This makes me quite angry because why on earth would you setup home folders on a server and then lock the server from accessing them.

Anyway, is there anyone who can give me some magical advice that allows me from the top folder of the share, add administrators to the security tab with full access while leaving the owner of each folder untouched, and while still restricting access for everyone else except the administrator group, and the owner.

I hope someone else has had this problem.

Thanks All

This conversation is currently closed to new comments.

16 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by Jacky Howe In reply to Home Folder Security

Right click the users home directory select properties security and add the domain admins give them full control.

Collapse -

by KingOfTheNerds In reply to

Only system and creator owner have full rights, therefore I can't just add the admin, because I dont have access.

Collapse -

by andrew.wright In reply to Home Folder Security

You may first have to 'take back' ownership of the folder. For a full explanation of how to do this look in the "Help and Support Center" off the Start button and go to Security --> Access Control --> How To... --> Take Ownership of a File or Folder.

Basically, because you are logged on as an administrator you can take back ownership then apply security as you see fit.

Collapse -

by KingOfTheNerds In reply to

I know I can take ownership and then setup permissions but I would like a quicker way considering I have 800 folders to do.

Collapse -

by andrew.wright In reply to Home Folder Security

You may first have to 'take back' ownership of the folder. For a full explanation of how to do this look in the "Help and Support Center" off the Start button and go to Security --> Access Control --> How To... --> Take Ownership of a File or Folder.

Basically, because you are logged on as an administrator you can take back ownership then apply security as you see fit.

Collapse -

by andrew.wright In reply to

Sorry about this double post.

Collapse -

by KingOfTheNerds In reply to

Poster rated this answer.

Collapse -

by Jim_MacLachlan In reply to Home Folder Security

Use xcacls.exe to redo the rights. I've setup directories with rights this way & I think it runs on the local machine permissions, so should be able to do it.

You'll probably have to go to a command prompt & dump the directory structure to a text file, massage it in Excel or something & dump it back out with the correct commands. Then run it as a batch file from the command prompt.

Collapse -

by KingOfTheNerds In reply to

How do I do this? What is xcacls.exe?

Collapse -

by Jacky Howe In reply to Home Folder Security

2 batch files are required
add the list of "user"s to the addperm.bat
Addperm.bat

call c:\chperm.bat "user1"
call c:\chperm.bat "user2"


Modify below to suit your setup "usrhome" is your home dir share. "Staff" is the group you

want to add the permissions to.

Chperm.bat

xcacls d:\"file server"\usrhome\%1 /T /G "Administrators":F "Staff":F %1:F /Y

Back to Networks Forum
16 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums