Re: Sharing and Security on File Share

I was able to run all commands, except your last command and I received an
error indicating the user could not be found:

H:\>net user ksegale >> c:\test.txt
The user name could not be found.

The xxx dirctory was created in the test folder.

The results in the test.txt file are below for everything except the last
command:
Volume in drive Q has no label.
Volume Serial Number is 1488-BE90

Directory of Q:\

09/28/2006 08:07 PM <DIR> .
09/28/2006 08:07 PM <DIR> ..
09/09/2005 09:52 AM 53 License10_0.txt
1 File(s) 53 bytes
2 Dir(s) 621,924,376,576 bytes free
q:\xxx BUILTIN\Administrators:(OI)(CI)F
dca\Crescendo:(OI)(CI)F
dca\Domain Users:(OI)(CI)R



"Pegasus (MVP)" wrote:

- Log on as ksegale on her own PC
- Open a Command Prompt
- Type these commands:
net use q: \\YourServer\Test
dir q: > c:\test.txt
md q:\xxx 1>> c:\test.txt 2>>&1
cacls q:\xxx >> c:\test.txt
net user %UserName% >> c:\test.txt

then post c:\test.txt.

"Rogene" <Rogene@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A7F4AC4E-9680-40EC-8E2B-8FD8E514CD47@xxxxxxxxxxxxxxxx
This is the same test on a user who is not part of the "crescendo" group,
but
yet has access to the share.

D:\Shares\test BUILTIN\Administrators:(OI)(CI)F
dca\Crescendo:(OI)(CI)F
dca\Domain Users:(OI)(CI)R

User name ksegale
Full Name Katie Segale
Comment Precision PR
User's comment
Country code (null)
Account active Yes
Account expires Never

Password last set 1/27/2006 10:37 AM
Password expires 3/13/2006 10:37 AM
Password changeable 1/27/2006 10:37 AM
Password required Yes
User may change password Yes

Workstations allowed All
Logon script SBS_LOGIN_SCRIPT.bat
User profile
Home directory \\server\users\ksegale
Last logon 2/6/2006 10:56 AM

Logon hours allowed All

Local Group Memberships
Global Group memberships *Precision *SBS Mobile Users
*Domain Users
The command completed successfully.


Share name Resource Remark

--------------------------------------------------------------------------
-----
Resources$ C:\Program Files\Exchsrvr\res "Event logging files"

C$ C:\ Default share

ADMIN$ C:\WINDOWS Remote Admin

print$ C:\WINDOWS\system32\spool\drivers
Printer Drivers

D$ D:\ Default share

IPC$ Remote IPC

Acct D:\Acct
Address C:\Program Files\Exchsrvr\address
"Access to address objects"

ClientApps D:\ClientApps Windows Small Business Server
Clie
clients C:\Program Files\Microsoft Windows Small Business
Server\ClientSetup\Clients
Windows Small Business Server
Clie
Crescendo D:\Shares\Crescendo
DCACapital D:\Shares\DCACapital
Douglas D:\Shares\Douglas
ITdoc D:\Shares\IT Documentation IT Documentation

NETLOGON C:\WINDOWS\SYSVOL\sysvol\dca.local\scripts
Logon server share

Precision D:\Shares\Precision
SERVER.LOG C:\Program Files\Exchsrvr\SERVER.log
Exchange message tracking
logs

SYSVOL C:\WINDOWS\SYSVOL\sysvol Logon server share

test D:\Shares\test
tsclient C:\WINDOWS\system32\clients\tsclient

tsweb C:\WINDOWS\web\tsweb
Users D:\Home Directory Automatic caching of programs
and documents
VPHOME d:\program files\sav Symantec AntiVirus

VPLOGON d:\program files\sav\logon Symantec AntiVirus

Worldbridge D:\Shares\Worldbridge
DCAColor IP_192.168.16.4 Spooled HP Color LaserJet 3550

DCALaser IP_192.168.16.3 Spooled DCALaser

DCAreception IP_192.168.16.6 Spooled HP Printer, Fax, Scanner, and
Copi
HPColor2 IP_192.168.16.13 Spooled CrescendoColor2

Toshiba \\192.168.16.5\print Spooled TOSHIBA e-STUDIO450Series
PCL6

The command completed successfully.


"Pegasus (MVP)" wrote:

User "rogene" is a member of the "crescendo" group.
The crescendo group has full read/write access to the
folder d:\shares\test. No surprises there . . .

"Pegasus (MVP)" wrote:

The correct commands are:

cacls "D:\Shares\test" > c:\test.txt {Enter}
net user rogene >> c:\test.txt {Enter}
net share >> c:\test.txt {Enter}

It would be helpful if you answered my question about
your level of experience.

"Rogene" <Rogene@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:018EB97E-D306-4E7D-911D-8A8AD672E4A9@xxxxxxxxxxxxxxxx
Ok, now I've tried the following and each provides me with the
same
error
"The system cannot find the file specified.

By the way, "Rogene" was the user name that is in the group
specified
with
permission to the folder.


D:\Shares\test>cacls "d:\shares\test rogene" > c:\test.txt
The system cannot find the file specified.

D:\Shares\test>cacls "d:\shares\test net user rogene" >
c:\test.txt
The system cannot find the file specified.

D:\Shares\test>cacls "d:\shares\test net license10_0.txt" >
c:\test.txt
The system cannot find the file specified.

D:\Shares\test>dir
Volume in drive D has no label.
Volume Serial Number is 1488-BE90

Directory of D:\Shares\test

09/28/2006 08:07 PM <DIR> .
09/28/2006 08:07 PM <DIR> ..
09/09/2005 09:52 AM 53 License10_0.txt
1 File(s) 53 bytes
2 Dir(s) 621,924,503,552 bytes free

"Pegasus (MVP)" wrote:

You need double quotes, as Jerold pointed out, and you
omitted the redirection symbol (>).

cacls "d:\shares\test rogene" > c:\test.txt

You should also state your level of experience. Since
you manage a server I assume that you are a server
administrator and I word my replies accordingly. I may
be wrong in my assumption.


"Rogene" <Rogene@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A33AC2BD-CA28-4A0C-8A07-BD5E0D79CACF@xxxxxxxxxxxxxxxx
I'm not sure what is wrong with the command you asked me to
enter,
but
nothing is in the txt file. This is the comand I'm entering:

D:\Shares\test>cacls d:\shares\test rogene c:\test.txt

Please advise.
Rogene


"Pegasus (MVP)" wrote:


"Rogene" <Rogene@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F3039773-599A-4B7D-A02E-1A1B5337D0F2@xxxxxxxxxxxxxxxx
I have a Windows 2003 SBS with several shares:

\\server\dca
Sharing Tab:
Share name = dca
Permissions Button:
Administrators - Full Control
DCA (Security Group) - Full Control

Security Tab:
Administrators - Full Control
Domain Users - Read & Execute, List Folder Contents, Read
DCA (Security Group) - Full Control

My expectation is that only the members of DCA Security
Group
would be
able
to view, read, and write to this share. However, everyone
in
the
domain
is
able to view, read, and write.

What do I need to change, so only the security groups I
want
to
view,
read,
and write have access?

Thanks,
Rogene

What you report is at variance with my own expectation.
Let's
nail
it down by getting some hard evidence, by doing this from a
Command Prompt:
cacls d:\Data\dca > c:\test.txt
(insert the correct path for the folder that hosts the DCA
share)
net user xxx >> c:\test.txt
(insert the name of a user who can write to this share)

Now post the contents of c:\test.txt.















.