Re: Users denied access to my documents



Dear TC:

Does the physical folder "\\ndc000\users" have its ACLs set for users to Read & Execute, so your users can pass through it properly? It should have the same ACL as, say, any profile root folder (Documents and Settings), so that all users can traverse and navigate it.

This ACL set needs to apply to all domain users. On a DC, Domain Users is the same as Users on a Windows client. On a joined (domain member) Windows client, users are a member of Domain Users.

There is a set of 3 ACLs which grant users access. Look at the ACLs at the root of any XP machine, and even at the root of your Win2k3 DC. This set of ACLs is propagated downward, so that child folders inherit the ACLs of the root, unless otherwise specified, which it sounds like you may have done for the \\ndc000\users folder.

Look at the ACLs for Documents and Settings (which contains ... profiles ... and ... My Documents), and this is how you should set ACLs for your physical \\ndc000\user folder. If you get that straight, Windows will see straight through it like it was never redirected and operate on it like it was actually local.

You can share \\ndc000\users with Full Control sharing rights because the ACLs will prevent an individual from deleting it, because they don't have ownership. Admin is the owner of it (because you created it...).

Users will have full control of their own individual folder (\\ndc000\users\test2), which is what you want. They might even be able to navigate up then down into another user folder to read stuff there, but since they don't own that, they won't be able to delete anything.

If you want to make a certain user private, turn off inheritance for that user's folder and specify that only they, SYSTEM and admin get full access.


HTH.
James






"TC" <TC@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8548ADBB-53DC-44B7-8A6B-F25D75295822@xxxxxxxxxxxxxxxx
Hi,
I seem to have overlooked something simple, or I have a policy set I am not aware of.

Problem is that the users can click on the My Documents folder in the Start menu and get access to it. (It is redirected.)

But if they have an "open file" dialog box up and they click on the "My Documents" icon, it tells them access denied, you do not have access to "\\ndc000\users" directory. Which of course they don't have access to at that top level, but they do own their sub-directory.

Now if they go to save a document, it defaults into the "My Documents" network directory and works the way it should. But if they do click on the "My Documents" selection icon, it gives the error message. If they just type in the file name and save it, it writes it out just fine.

Running a mix of 2000 and XPpro desktops. Servers are 2003.

In the user's profile I have the home directory set to "\\ndc000\users\test2" (test2 being the userid, users the shared drive).

Group Policy is set to redirect "My Documents" to the same location, \\%HOMESHARE%%HOMEPATH%


Any suggs or what critical bits did I forget to tell you?

Thanks,
TC
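
The two ACL steps from the reply (Read & Execute on the share root, and a private per-user folder with inheritance turned off), written as a PowerShell sketch around `icacls`. This is an added example, not part of the thread; the local path `D:\Users`, the domain name `EXAMPLE` and the `$Apply` switch are assumptions.

```powershell
# Added example. Assumptions (not from the thread): the share \\ndc000\users is
# the local folder D:\Users on the server and the domain is EXAMPLE.
$Root   = 'D:\Users'   # hypothetical local path behind \\ndc000\users
$Domain = 'EXAMPLE'    # placeholder domain name
$User   = 'test2'      # user id used in the thread
$Apply  = $false       # $true changes ACLs; $false only reports

# True when an Allow entry gives an ordinary-user group at least Read & Execute
# on the folder itself (inherit-only entries do not count).
function Test-UsersCanTraverse {
    param([Parameter(Mandatory = $true)][string]$Path)
    $rx          = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
    $groups      = '(^|\\)(Users|Domain Users|Authenticated Users|Everyone)$'
    $hits = (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -match $groups -and
        (([int]$_.PropagationFlags -band $inheritOnly) -eq 0) -and
        (([int]$_.FileSystemRights -band $rx) -eq $rx)
    }
    return [bool]$hits
}

'{0} traversable by ordinary users: {1}' -f $Root, (Test-UsersCanTraverse $Root)

if ($Apply) {
    # Root: Read & Execute for Domain Users on this folder only (no OI/CI flags),
    # enough to pass through \\ndc000\users to a per-user folder.
    icacls $Root /grant "${Domain}\Domain Users:(RX)"

    # Private folder, as in the reply: turn off inheritance and leave full
    # control with only the user, SYSTEM and the administrators.
    icacls (Join-Path $Root $User) /inheritance:r /grant:r `
        "${Domain}\${User}:(OI)(CI)F" `
        'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
        'BUILTIN\Administrators:(OI)(CI)F'
}

# Show the per-user folder's ACL for review.
icacls (Join-Path $Root $User)
```

The root grant here carries no inheritance flags, so it is narrower than the inherited Documents and Settings style ACL described in the reply: users can pass through the root but gain nothing on other users' folders from it.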

