User can not change files or folders on Network

By rickbradley124 ·
I am getting very frustrated with AD on a W2K3 server. I have checked the GPO and can not find what is preventing users from being able to change their files, delete or add new folders, et cetera.

The Story: I have two servers, call them server1 and server2. Both are W2K3 standard servers SP2 with AD. I have over 100 users (students). Each user has been setup as a Roaming user with the profile saved to server2 where also their exists a shared folder for student data. Under the shared folder on server2 (which is mapped by default as F:\student data\yeargraduating\%username%) and I have manually key'd each users folder on server2.

Initial log on by each user automatically creates and saves their profile on server2\profiles, but strange thing, as the administrator I can not open the users profile folder (access denied) unless I take ownership - this is another isssue for later.

My problem: I can have the user log on at a local WXP Pro computer, it maps to the correct drive location F:\student data\%username% and then the student can open the folder and see all their files and folders. But, when they try to open a file, add a new file/folder they get an error "Access denied".

One more little piece of info; I copied all the data, folder structure, files et cetera from an old Novell Network server version 5.12. I used the copy command, not move.

Any help would be greatly appreciated.

Thank you in advance.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -


by bincarnato In reply to User can not change files ...

Sounds like a permissions issue. There are two sets of permisions you need to check out. One is on the folders and files themselves and the other is for the share permissions. Typically, whichever is most restrictive will apply so if the folder has read only and the share of that folder has read/write, that folder will only have read permisions for that user. Also, you will need to put a check box in the apply to all child objects.

Collapse -


by rickbradley124 In reply to Permisions

bincanato, appreciate the fast response.

I agree that it is something in the permissions. I have checked the root shared folder and for the Domain User it has Read and Execute, write, List Folder content, but not Modify. So I just changed it to modify. Checking the subfolder (%graduating year%) I see that the permissions for the User are Read/Write/Modify/List Folders.
Going in deeper, I selected one %username% folder and her permissions are as follows:
Read/Execute, Modify, Write, List Folders.
But, one thing is not good about this after applying the above to Users and checking the apply to all child objects, now all the users can view and access one anothers folders. I need to see if this has fixed the issue at hand with the adding files, folders, opening files and making changes by the indiviaul users.
If this works (thought I had tried this earlier) then the next issue is going to be to set the permissions on the individual folders so they can not see one anothers information.

I'll post after the test is completed for the above change.


Collapse -

You Are Right

by bincarnato In reply to Agree

You will need to remove domain users and then add the specific user for each folder on the share permisions. I would leave domain users full access to the actual "users" folder on the server and then just modify the share permisions on each folder to include administrator and the indiviadual user.

Collapse -

Need to look deeper

by rickbradley124 In reply to You Are Right

Bincarnato, appreciate the info. This sounds good, but I think I am going to need to change the entire infrastructure of the network domain and users. I am not in a positiion right now to do this. I just need to get over the hump so that the users can access their files/folders add and delete info. Then at a later date I can rework the entire structure/permissions on a new server due to come on line (thus do it the right way). Problem is, I inheritted this mess, but at the same time I have to make it work.

Collapse -

What issue are you still having?

by bincarnato In reply to Need to look deeper

Please let us know what issue you still are having or where user's are still unable to open files. We will be more than happy to help, but you have to let us know what problems you still are having.

Collapse -

Same issue

by rickbradley124 In reply to What issue are you still ...

Bincarnato, Thank you for the reply. I have not had a lot of time, my real problem, to work on this as of late. I still seem to be facing the same issue of users not being able to control their files/folders. I do not want to give them Full Control, but that will probably be the next step in determining what is going on. I also have hired an outside entity to come on site and look things over with me. Maybe a fresh pair of eyes can see what I am not.

I'll post later when this issue is under control.

It will be interesting to find out what the base 'fix' is going to be.

On another note - getting ready to activate two new servers to replace the existing units. One is Windows 2008 Enterprise server preloaded, and the other is Windows 2003 Advanced Server preloaded (need to stay with this because of Exchange 2003). Any thoughts or pointers to sources for "correctly" configuring a 2008 server?

Thanks in advance

Collapse -

None for me

by bincarnato In reply to Same issue

We haven't been selling the Win2008 stuff as of yet because we try to hold off as MS releases new stuff to allow bugs and other issues to get worked out. Might start another thread in here to get soem ideas from other members.

Collapse -

See how you go with this

by Jacky Howe In reply to User can not change files ...

The Main Share folder for your Domain Users should have Special Permissions ticked in Allow.<br>
You could run XCACLs and give the Administrator and Users Full control of their Profiles Folder.
You could run XCACLs and give the Administrator and Users Full control of their %username% Folder.
This is how I change Permissions. Set it up something like this and run userperm.bat
The Administrator and the User has full control over the Folder with 2 files.
echo y| xcacls %LOGONSERVER%\profiles$\%1 /T /G "Administrators":F %1:F
call c:\chperm.bat user1<br />call c:\chperm.bat user2<br />
call c:\chperm.bat user3

I normally copy these files to the root of the Server. Just add the Users to UserPerm.bat as per example.
Some links that will explain Permissions and a couple of ways to Automate the Process.
Access Control:
HOW TO: Use Xcacls.exe to modify NTFS permissions:
How to Use CACLS.EXE in a Batch File:
< Got it to work I was trying to use something that wasn't designed for this layout br> < typo > <br> < having a play >

<i>Keep us informed as to your progress if you require further assistance.</i>
<font size="1"><i>If you think that any of the posts that have been made by all TR Members, have solved or contributed to solving the problem, please Mark them as <b>Helpful</b> so that others may benefit from the outcome. </i></font>

Collapse -

Interesting - Jack Thank you

by rickbradley124 In reply to See how you go with this

Jack, Thanks for the information. THis is interesting to say the least. I need to study it a bit more before I try it. But it does sound like it may work. I'll post later when I have had a chance to mess around with the bat.


Collapse -

Solved the Issue

by rickbradley124 In reply to User can not change files ...

First, thanks to everyone for your posting and suggestions. I ended up bringing in another pair of 'eyes' and together we wereable to determine the root of the problem.

As it turns out, everything should have worked. What we decided to do was remove all the GPO's relating to the users. Created a new GPO for the students with only minor restrictions (in this manner eliminating creating new possible issues). For the Roaming Profile path I went in and browsed to the Server Profile storage location for the students (\\Server2\data drive2\profiles\%username%), then copying the path from here I pasted the path with the %username% in the students Profile Path under the students user Properties Profile Tab. Next I once again browsed to the student data storage location and copied the path (\\Server2\data drive2\StudentData\GradYesr\%username%) to the students Properties Profile tab Connect F: location.

Saving this information, I was abel to log on as the students from various locations throughout the Network and because of the mapping I was able to add/remove files/folders in the students storage location. THis is what I have been after all along.

One more thing I would like to mention was a trick the person assisting me provided. Once everything is working, I logged in as the student, set the desktop on the XP workstaion the way I wantted it logged out and logged back in as the student (same workstaion). What this does is set the "Roaming Profile" up and copies it to the Network Student Profile location to be used when they move around.

Now the trick - After logging in as the student, we set to Explorer screens open vertically. Then browsing in one of the explorer screens we went to the local drive and found the student Docs and setting, drilled down to the students local setting. In the other Explorer screen we browsed to the students Network Storage location (\\Server2\data drive2\StudentData\GradeYear\StudentUserName). Having both Explorers open, I took and using the 'right mouse' held on the MyDocuments I drug it to the network storage location folder and dropped it there and when prompted selected Move. I did the same on the Favorites and Desktop. The beauty of this is once the student logs in their MyDocuments information, desktop settings, and favorites will all be on the server and they do not have to "browse" to their storage location because My Documents on any computer workstation will automatically be set to their storage location.

But, for the above to work correctly, you have to be logged in as the user/student.

I can expound on this more if interested, just thought htis was kinda slick and saves headaches down the road.

Again, Thanks to all.

Related Discussions

Related Forums