Guest UselessUser Posted March 1, 2008 Posted March 1, 2008 Hi, I have walked into a new scenario which is odd for me! Basically I have a server which has this structure E:\HomeDirectory\%username% The folder HomeDirectory is shared, with share permissions set as Everyone Full Access. NTFS permissions have only administrators, creater owner, and system as full control. If we create a new user in AD with their H drive set to: \\server\HomeDirectory\%username% This creates the folder correctly and it is perfectly usable... Now we have a few users who are right clicking their H and selecting make available offline, and this is working fine. However I could not do this myself (I do not run as domain admin etc).. and consequently began to look into this, (Before a user asks me about it!) Basically I found on the Microsoft docs that offline files checks the parent of the folder you are trying to make offline for permissions and as I had none I was getting access denied. The way to fix this is to have the HomeDirectory share to have read access for everyone etc. Now here is the question, how are people doing this at the moment! And no they are not admins, and no there are not permissions on the share etc... What I discovered was that if I give myself read access to the share, then setup the offline files and synchronize it works fine. If I then remove my read access and reboot the client, it still seems to work? If this is the case why is there a need to check the parent permissions, and is there a client registry fix I can use to get around this?? Also Imagine the scenario, you are browsing your AD and you find a group with a strange name, with a few members in it... You then decide to attempt to either delete it or rename it to what it actually does, but because of the strange name, you have absolutely no idea what it is for? Is there a tool which can scan folders and list all the ACL's so I can find out what exactly it gives permission to?
Guest Meinolf Weber Posted March 1, 2008 Posted March 1, 2008 Re: File access and permission help Hello UselessUser, Check out this one: http://technet2.microsoft.com/windowsserver/en/library/f0fe0826-aade-46cc-9323-22657ebb7c511033.mspx?mfr=true Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > Hi, > > I have walked into a new scenario which is odd for me! > > Basically I have a server which has this structure > > E:\HomeDirectory\%username% > > The folder HomeDirectory is shared, with share permissions set as > Everyone Full Access. NTFS permissions have only administrators, > creater owner, and system as full control. > > If we create a new user in AD with their H drive set to: > > \\server\HomeDirectory\%username% > > This creates the folder correctly and it is perfectly usable... > > Now we have a few users who are right clicking their H and selecting > make available offline, and this is working fine. However I could not > do this myself (I do not run as domain admin etc).. and consequently > began to look into this, (Before a user asks me about it!) > > Basically I found on the Microsoft docs that offline files checks the > parent of the folder you are trying to make offline for permissions > and as I had none I was getting access denied. The way to fix this is > to have the HomeDirectory share to have read access for everyone etc. > > Now here is the question, how are people doing this at the moment! And > no they are not admins, and no there are not permissions on the share > etc... > > What I discovered was that if I give myself read access to the share, > then setup the offline files and synchronize it works fine. If I then > remove my read access and reboot the client, it still seems to work? > If this is the case why is there a need to check the parent > permissions, and is there a client registry fix I can use to get > around this?? > > Also > > Imagine the scenario, you are browsing your AD and you find a group > with a strange name, with a few members in it... > > You then decide to attempt to either delete it or rename it to what it > actually does, but because of the strange name, you have absolutely no > idea what it is for? > > Is there a tool which can scan folders and list all the ACL's so I can > find out what exactly it gives permission to? >
Recommended Posts