TechRepublic|Forums|Windows Forum

Windows Forum

General discussion

  • Creator
    Topic
  • December 16, 2004 at 5:38 am #2292233

    Profiles and permissions….

    Locked

    by rickster06 · about 19 years, 4 months ago

    When NT or W2K is set to create profile folders or personal folders, Admins generally do not have access w/o taking ownership. Can this be prevented? Also back-up does not seem to have permission to backup or restore. Should backup be using a system account as opposed to backup operator. Any input would be of help.

    Topic is locked This conversation is currently closed to new comments.
  • Creator
    Topic

All Comments

  • Author
    Replies
    • December 16, 2004 at 5:56 am #3297716

      Reply To: Profiles and permissions….

      by trockii · about 19 years, 4 months ago

      In reply to Profiles and permissions….

      Backup Operator has more built-in rights than a system account. So I would suggest changing that. As for the first part, what are you trying to get the admins to access?

    • December 16, 2004 at 10:21 am #3302368

      Reply To: Profiles and permissions….

      by razz2 · about 19 years, 4 months ago

      In reply to Profiles and permissions….

      The answer to the first question is yes and I do it all the time.
      The key is parent permissions.

      The best example is HOME directoriesl. Everyone always creates
      a DIR called ‘users’, with the default NTFS security, and shares it
      as needed. Then in user properties they set the Home Folder to
      map H: to \\server\share\%username%. This creates a DIR with
      that username under the USERS share with the user being the
      owner and having full permissions. If the admin need acces then
      he/she takes ownership.

      The fix is that when you create the USERS DIR you set NTFS to
      have Admins and Owner as full control. Set it to affect any child
      objects. Do this before any subdirectories are created.

      When the Home dir is created automatically the owner will be the
      user, but admins will have access.

      The backup operator should be able to backup the data. If there
      is an issue then either add the group using the previous method
      or run the backup job with different credentials.

      Good Luck,

      razz

    • December 20, 2004 at 7:33 am #3300849

      Reply To: Profiles and permissions….

      by mm212 · about 19 years, 4 months ago

      In reply to Profiles and permissions….

      Profiles folders are just as you describe. Only the user and System has access to it. You can change permissions by taking ownership. You don’t need ownership to back them up, though.

      Be sure to add your backup user to a group that is in the “Backup Operators” group on the server. This will give them access to read the files for backup purposes only.

  • Author
    Replies
Viewing 2 reply threads