• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Setting up home directories for Active Directory

L

LuckyTaxi

Diamond Member
Ok so you have Shared Permissions and NTFS permissions. I removed the EVERYONE group.

I set the following users for Shared Permissions AND NTFS Permissions.

Authenticated Users - "Read Only"
Domain Admins - "FULL Control"

Inside the shared "users" folder are the individual folders for my users.

user1, user2, user3, etc ...

I set the following for both Shared and NTFS Permissions.

<username> - "FULL Control"
Domain Admins - "FULL Control"

So the problem is no one can read/write their folders. If I change the top level "users" folder to "Read/write" it will work but then users can go into someone else's folder and do the same. What am I missing?


 
Go to the Advanced Security Settings dialog box on your shared "users" folder and change it so that the permission is applied to "This Folder only".
 
Originally posted by: her209
Go to the Advanced Security Settings dialog box on your shared "users" folder and change it so that the permission is applied to "This Folder only".
Click to expand...

I think I tried that but I shall doublecheck.
 
Why are you sharing both the users folder and the individual home directories inside that folder?

Save youself a lot of headaches and just grant Everyone Full at the share level of the users directory. Then control all permissions with NTFS.
 
Sorry ... I didnt share at the individual home directories. I fixed my problem using her209's suggestion. Works like a charm!
 
Originally posted by: SoulAssassin
don't grant everyone or end users full, they don't need it...read/write is adequate.
Click to expand...

I said to grant everyone full at the share level. Then control all permissions with NTFS. This is where your restrictive permissions would be. Since the ultimate permission will be the least restrictive of the two, it is much less confusing to just give everyone full at the share level and just worry about NTFS.
 
Originally posted by: stash
Originally posted by: SoulAssassin
don't grant everyone or end users full, they don't need it...read/write is adequate.
Click to expand...

I said to grant everyone full at the share level. Then control all permissions with NTFS. This is where your restrictive permissions would be. Since the ultimate permission will be the least restrictive of the two, it is much less confusing to just give everyone full at the share level and just worry about NTFS.
Click to expand...
:thumbsup: That's the way I was always told to secure shares. It's annoying and confusing when someone uses share and NTFS permissions together.
 
Originally posted by: RebateMonger
Originally posted by: Robor
:thumbsup: That's the way I was always told to secure shares. It's annoying and confusing when someone uses share and NTFS permissions together.
Click to expand...
Agreed.
Click to expand...

I agree, honestly be nice if they took out the share level layer all together and just controlled it via NTFS.

 
Originally posted by: Robor
Originally posted by: stash
Originally posted by: SoulAssassin
don't grant everyone or end users full, they don't need it...read/write is adequate.
Click to expand...

I said to grant everyone full at the share level. Then control all permissions with NTFS. This is where your restrictive permissions would be. Since the ultimate permission will be the least restrictive of the two, it is much less confusing to just give everyone full at the share level and just worry about NTFS.
Click to expand...
:thumbsup: That's the way I was always told to secure shares. It's annoying and confusing when someone uses share and NTFS permissions together.
Click to expand...

Would you grant them full control of the share? Share or NTFS, I see no reason to ever grant individual users full control. Everyone/auth users r/w at the share level is perfectly adequate with appropriate NTFS permissions below.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top