users can access and view shares that they shouldn't be able to. HELP!

---

• From: James H-B <jbroomfield1@xxxxxxxxx>
• Date: 17 May 2007 03:28:01 -0700

---

Dear all,

I have set up a new file server as part of our migration from SBS2003
to a medium sized network. The problem is that this morning I realised
that I could access even the most sensitive shares on the server when
logged in as a local admin on an XP client.

This is a major problem. At first I thought I must have missed
something fundamental such as acciedentally leaving everyone in the
NTFS permissions but the more I looked at it the less I understood it.

I have set the share permissions so that everyone has full access to
the shares. Then I have set the NTFS permissions on the shares so that
only the relevent security group has full control and no one else
(apart from SYSTEM and admins.

The most puzzling thing about this is that for most of the shares I
used the Microsoft File Server Migration Wizard to move the shares -
so in theory it should've copied the files then migrated the
permissions identically.

I also notice that if I try to access our sbs2002 server from an XP
client from the run dialogue by typing \\sbs01 - it immediately
requests authentication before showing me the shares. On the new file
server (running Windows Server 2003 R2) it just opens a window and
shows all the shares!

This is a serious problem and I have had to disable the sensitive
shares until I have a solution.

Please can someone point out where I am being incredibly stupid or if
not explain how I can rectify this dire state of affairs.

Thanks very much in advance for any help.

James Broomfield

.

---

• Follow-Ups:
  • Re: users can access and view shares that they shouldn't be able to. HELP!
    • From: Lanwench [MVP - Exchange]

• Prev by Date: Re: Slow Logons - XP SP2 and 1Gb NICs
• Next by Date: RE: post conversion email problems
• Previous by thread: pros and cons...
• Next by thread: Re: users can access and view shares that they shouldn't be able to. HELP!
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Apending ACL in file mirgration between forests ... set up DFS to allow me to replicat files and rights to new server ... > member server by using ADMT->computer migration or security migration. ... > able to update your profile and access the the partner newsgroups. ... you can use FSMT to migrate data from a file server in one ... (microsoft.public.windows.server.migration) RE: Server migration - 2k to 2k3 ... If you mean the file server, ... it is recommended to be migrated using FSMT (File Server Migration Toolkit). ... forest, and then click Next. ... (microsoft.public.windows.server.migration) RE: File server Migration ... user account with SID history from source domain to target domain. ... File server is still in source domain. ... >> complete migration, we should also migrate the file server to new domain to ... (microsoft.public.windows.server.migration) Re: Gruppen, Gruppenrechte, Shares ... > Erich schrieb: ... > was die Daten und Shares angeht, schau dir mal das File Server Migration ... (microsoft.public.de.german.windows.server.general) Re: users can access and view shares that they shouldnt be able to. HELP! ... I have set up a new file server as part of our migration from SBS2003 ... Make sure your domain admin credentials are different from your local admin ... the shares. ... (microsoft.public.windows.server.sbs)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2007-05