home directory issue

home directory issue
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
home directory issue jak 08-23-2005
Posted by =?Utf-8?B?amFr?= on August 23, 2005, 1:11 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
running into a small issue.
the shared directory is shared to everyone and for a time the security was
set to everyone full access, then each user has a folder within this shared
folder.
we are now running into the problem of network users browsing the network
accessing other users drives. is it possible to keep them from accessing
other users folders without having to change the security on over 2000
folders?

please help!!

Posted by Steven L Umbach on August 23, 2005, 4:20 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
You can use command line tools such as xcacls, xcacls.vbs [ more options
than xcacls] or fileacl to change permissions on a folder tree to for
instance remove a group. These are very powerful tools and you can muck up
your permissions pretty body with one wrong switch or lack of. For instance
with xcalcs the /e switch means to edit permissions and if you forget it you
can have all your current users/groups removed from the folder permissions.

So be sure to try out these commands on a test computer to make sure you
have the command you need to be correct and make a full backup of your
server with ideally an image backup before you try the final change. Some of
these tools such as fileacl can also backup your current permissions. You
also have to take in account permissions that are inherited or not when you
plan your changes. See the links below for some of these tools. --- Steve

http://www.gbordier.com/gbtools/fileacl.htm --- fileacl and syntax
http://support.microsoft.com/?id=825751 --- xcacls.vbs

> running into a small issue.
> the shared directory is shared to everyone and for a time the security was
> set to everyone full access, then each user has a folder within this
> shared
> folder.
> we are now running into the problem of network users browsing the network
> accessing other users drives. is it possible to keep them from accessing
> other users folders without having to change the security on over 2000
> folders?
>
> please help!!



Posted by Roger Abell on August 24, 2005, 3:05 am
If you were  Registered and logged in, you could reply and use other advanced thread options
You have answers, but as no one directly stated the answer
to your question, I will.
No. It is not possible to do this without altering the permissions
on the folders, or changing your sharing strategy. Access is controlled
by the security settings. You did not use this, but now want to control
access, which means you do now need to use this by defining it.
As Rick indicates, cacls can be your friend here.
cacls c:\folderroot\user1 /t /g user1:f
cacls c:\folderroot\user2 /t /g user2:f
etc. in a bat file, and include if desired after each of the above such as
cacls c:\folderroot\user1 /t /e /g administrators:f
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
> running into a small issue.
> the shared directory is shared to everyone and for a time the security was
> set to everyone full access, then each user has a folder within this
shared
> folder.
> we are now running into the problem of network users browsing the network
> accessing other users drives. is it possible to keep them from accessing
> other users folders without having to change the security on over 2000
> folders?
>
> please help!!



Similar ThreadsPosted
re: home directory issue August 23, 2005, 11:47 pm
On security standards about home networks or digital home March 5, 2008, 3:46 am
active directory August 24, 2005, 6:52 pm
Directory access September 13, 2005, 5:37 pm
files on ur web directory November 14, 2006, 12:53 pm
Active Directory and DMZ February 11, 2008, 10:12 am
Need help on Active directory server August 12, 2005, 6:29 am
Directory Security and subdirectories November 23, 2005, 1:03 pm
Active Directory and SSL Certificates January 11, 2006, 5:08 pm
Audit the Creation of a Directory February 7, 2007, 3:48 pm

The site map in XML format XML site map

Contact Us | Privacy Policy