Files and Folders Permissions

Hello,

I am having issue with the NTFS security on files and folders.  I have set up a shared folder for all the users who log on to domain.  Under this share are user specific folders for their documents.  These are personal folders (not shared) and are NOT supposed to be available to one another.  The shared folder has 'Full Control' share permission and Authenticated users and Domain users have Read & Write NTFS permissions.

The personal folder have only the user (that folder belongs to) with Read and Write NTFS permissions.

However, all users can still access one anothers files i.e. view, modify or delete them. 

I have tried removing Inheritance but to no avail.  When I check effective permissions for one user against the other.  It tells me that they all have Full Control permission.

This issue is with all my clients with Server 2012/2012 R2.

Obviously, I am missing something major.

Can someone show me the right path?

Ive tried to keep the post as brief as I could.  Please let me know if you need more information.

Thank you so much for your help.

Parm J

August 27th, 2015 10:52pm
Here is a good step-by-step on configuring shares. http://blogs.technet.com/b/keithmayer/archive/2012/10/21/ntfs-shared-folders-a-whole-lot-easier-in-windows-server-2012.aspx You might want to consider looking into access-based enumeration.
Free Windows Admin Tool Kit Click here and download it now
August 27th, 2015 11:53pm

I've long kept this link in my favorite and I believe it should still be relevant.

How IT Works: NTFS Permissions

https://technet.microsoft.com/en-us/magazine/2005.11.howitworksntfs.aspx

Personally I would set up a brand new folder structure and following the article to make sure it works as stated before making changes to a production folder. HTH.

  • Proposed as answer by my public name Friday, August 28, 2015 12:50 AM
August 28th, 2015 12:49am

Hello Tim,

I tried the Server Manager method on all the sites I am having this problem.  Unfortunately, it gave me the same results even with 'Access-based Enumeration' enabled.  All users still have full control.  I even set up a brand new 2012 server as Hyper-V virtual machine and tried setting up permission on it using Server Manager but no luck.

The only way I can accomplish explicit permissions for one user is by 'Denying' permissions to all other users which is not a proper way about it.

Any other advice will be appreciated.

Thank you so much.

Parm :)

Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2015 11:52pm

Thank you for the response.

I read the article.  I know 'Deny' permission etc. can be tricky.  I'm not dealing with a big directory tree.  I am creating a share right on the root of C: or D: drive.  Any folder under this share are to be set up with explicit permissions based on individual user.  Regardless how I go about creating a share, all users have 'Full Control' permission to all sub-folders.

It is quite perplexing.

Any other ideas will be greatly appreciated.

Parm :)

September 2nd, 2015 11:58pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics