1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

More permissions!

Discussion in 'Windows Server 2003 / 2008 / 2012 Exams' started by jef, Dec 10, 2008.

  1. jef

    jef Bit Poster

    22
    0
    14
    Sorry about this.

    Right, assuming I have the share Profiles on C: (ie \\Server01\Profiles\) and my user accounts profile path is \\Server01\Profiles\%Username% - why (as administrator) can't I even read by default? Even after making myself owner, allowing all and telling it to inherit these permissions to child files/folders, I couldn't delete the profile folder?

    Surely this is somthing I'm doing wrong?

    Cheers
     
    Certifications: nowt.
    WIP: bits and bobs
  2. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    You can GPO user's folders so the user has exclusive access. Check this first.

    Simon
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  3. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    What permissions are configured in the share? The everyone group can have full control and also in the security tab you can configure domain users to have the required permissions to the profiles directory. Make sure the *share* permissions are correct and then add the NTFS permissions.

    When you log on as admin it will create the directory for you and also configure the permissions automatically for the administrator only to access that folder.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  4. Obinna Osobalu

    Obinna Osobalu Banned

    539
    7
    0
    Share permissions define the maximum effective perms for all files and folders beneath the shared folder. Permissions can be further restrictd but cant be broadened, by NTFS permissions on specific files and folders. this actually means a users access to a file or folder is the most restrictive set of effective permissions between share permissions and NTFS permissions on that resource. If you want a group to have full control of a folder and have granted full control through NTFS permissions, but the share permission is the default "Everyone: Allow Read" or even if the share permission allows "Change", that groups NTFS full control access will be limited by the share perm.
    it can deduced from above that share perms add a layer of complexity to the management of resource acess and it is more better to configure shares with open share permissions "Everyone: Allow Full Control" thenuse only NTFS permissions to secure folders and files.
    From your situation it looks like the problem is actually your NTFS perms.. Check if your account has been added to the NTFS perm to have full control
     
    Certifications: MCITP:SA,MCTS(x5),MCSE2K3;MCSA2K3:M;MCP
    WIP: EDA7,70-652,Project+,MSP(70-632)
  5. Spilly

    Spilly Kilobyte Poster

    299
    7
    56
    What was there an error message... the user could be logged on!
     
    Certifications: A+,N+,S+,MCP,MCDST,MCITP,MCTS,MCSA,CISMP,PCI-P,SSCP
    WIP: CCSK
  6. Tinus1959

    Tinus1959 Gigabyte Poster

    1,539
    42
    106
    This is by design. In the profile dir are also the my docs, desktop and so on. Imagine what could happen if somebody could help himself to the documents folder of the CEO and give the finance officer to give you a raise?
    The profile folder is designed with full security in mind. Most of the time the sec rules are given per folder and exclusively.
     
    Certifications: See my signature
    WIP: MCSD, MCAD, CCNA, CCNP
  7. jef

    jef Bit Poster

    22
    0
    14
    I fully understand that, but what happens when the user leaves the company and you need to remove that folder, surely there should be an implimentation of the ability to delete but not to modify, as although deletion is modification (at the lowest level), at the higher levels that windows operates at there are all sorts of modulations for things like this to be enabled.
     
    Certifications: nowt.
    WIP: bits and bobs
  8. kevicho

    kevicho Gigabyte Poster

    1,219
    58
    116
    The simplist way would be for an administrator to take ownership of the folder (and its files).
     
    Certifications: A+, Net+, MCSA Server 2003, 2008, Windows XP & 7 , ITIL V3 Foundation
    WIP: CCNA Renewal
  9. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Good work. Quoting an answer from a braindump. Like it. :rolleyes:
     
    Certifications: A few
    WIP: None - f*** 'em
  10. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    When that's all you know, what else can you do? :rolleyes:
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  11. Jay_7

    Jay_7 Nibble Poster

    81
    4
    22
    Pedant alert!

    He didn't actually know it, hence the copy and paste... :twisted:
     
    Certifications: A+, N+, MCP
    WIP: CCNA 200-120
  12. Alex Wright

    Alex Wright Megabyte Poster

    501
    9
    57
    Uhhhh, what? I didn't understand your post after reading through it twice. As someone who advocates braindumps, don't post your garbage and try helping out the other members of the forum. Your advise stinks, and the last thing we want is other people inheriting your bad knowledge. Frankly, how you're allowed to continue posting is beyond me.
     
    Certifications: 70-680 Configuring Windows 7
    WIP: 70-642

Share This Page

Loading...