Windows 2000 Server security on network shares
This evening I will be transferring all of our employee user folders to a different server. This contains the following folders: My Documents, Application Data, and Desktop. Group policy is configured to redirect all of these settings to a server rather than the client's local hard disk.
Now for the problem...I am a member of the Domain Admins group. Each folder in the users directory gives me full control of these folders under the security settings. However, on some of the user's subfolders (My Docs, Application Data, Desktop), I do not have rights under security. I need to change this, because since I do not have full control of certain subfolders, I am unable to copy the folders to the new server. Please help me understand what is configured wrong and how I can change it most easily so that I do not have to manually take ownership of each folder individually.
Our users folder is organized as follows:
On a local disk on the server there is a folder named "Users". In it contains the login name followed by a $ of each employee's user name. For example, my name is Wayne and my share is Wayne$.
Software/Hardware used:
Software/Hardware used:
ASKED:
March 18, 2005 2:05 PM
UPDATED:
April 5, 2005 6:33 PM
Answer Wiki:
Hi!
You should take ownership of users folder which will cover all subfolders within this folder so you don't need to go for each folder.
To see all answers submitted to the Answer Wiki: View Answer History.
Hi. Thanks. That’s what I did. It worked fine. No problems at all.
Hi. Thanks. That’s what I did. It worked fine. No problems at all.
For future profiles, there is a Group Policy you can set to add the Administrators to have full control over new profiles created. The policy is Computer Configuration–>Administrative Templates–>system–>User Profiles–>”Add the Adminstrators security group to roaming user profiles” and needs to be set on the policy applied to computer objects. This will not add the Administrators to currently present profiles, but it will for new profiles created.
For future profiles, there is a Group Policy you can set to add the Administrators to have full control over new profiles created. The policy is Computer Configuration–>Administrative Templates–>system–>User Profiles–>”Add the Adminstrators security group to roaming user profiles” and needs to be set on the policy applied to computer objects. This will not add the Administrators to currently present profiles, but it will for new profiles created. Also, starting with Windows 2000, you don’t need to share out each user’s profile. You can simply share out one folder and put the profiles under it (I.e. servernameprofiles$%username%) – less shares for the server to manage.