General discussion


Profiles and permissions....

By Rickster06 ·
When NT or W2K is set to create profile folders or personal folders, Admins generally do not have access w/o taking ownership. Can this be prevented? Also back-up does not seem to have permission to backup or restore. Should backup be using a system account as opposed to backup operator. Any input would be of help.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by trockii In reply to Profiles and permissions. ...

Backup Operator has more built-in rights than a system account. So I would suggest changing that. As for the first part, what are you trying to get the admins to access?

Collapse -

by razz2 In reply to Profiles and permissions. ...

The answer to the first question is yes and I do it all the time.
The key is parent permissions.

The best example is HOME directoriesl. Everyone always creates
a DIR called 'users', with the default NTFS security, and shares it
as needed. Then in user properties they set the Home Folder to
map H: to \\server\share\%username%. This creates a DIR with
that username under the USERS share with the user being the
owner and having full permissions. If the admin need acces then
he/she takes ownership.

The fix is that when you create the USERS DIR you set NTFS to
have Admins and Owner as full control. Set it to affect any child
objects. Do this before any subdirectories are created.

When the Home dir is created automatically the owner will be the
user, but admins will have access.

The backup operator should be able to backup the data. If there
is an issue then either add the group using the previous method
or run the backup job with different credentials.

Good Luck,


Collapse -

by mm212 In reply to Profiles and permissions. ...

Profiles folders are just as you describe. Only the user and System has access to it. You can change permissions by taking ownership. You don't need ownership to back them up, though.

Be sure to add your backup user to a group that is in the "Backup Operators" group on the server. This will give them access to read the files for backup purposes only.

Related Discussions

Related Forums