Announcement

Collapse
No announcement yet.

new folders created on a DC defaults to read only

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • new folders created on a DC defaults to read only

    hi,

    i'm having a problem, when i create a new folder on the windows server 2003 it always defeults to a read only folder, and even though i gave the users full control of a particular folder, i can't save files over the network onto this drive. i tried unchecking the read-only attribute of the folder. But once you ok it in the property screen and go back in the read-only attribute is checked again. Where would i look to solve this problem.

    Thanks

  • #2
    The default SHARE permissions on 2K3 are Everyone Read Only. IMHO this makes a mockery of the more flexible security permissions but thats how microsoft have done it. If you change the share permissions to everyone full control you can then use security permissions properly.

    Supplementary -- does anyone know a way of changing default share permissions on 2K3 server?

    Tom
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Thanks

      Thanks for the reply Ossian,

      i'm not a big fan of giving the full control to the everyone group, but yes it did work. I also found a nice tool that allows you to create share folders without it doing that default read-only junk. i used the tool filesrv.msc located in the system32, and the folders worked nicely with no problems.
      I guess maybe Microsoft wants you to use their tools more

      Comment


      • #4
        I'm not a fan of "everyone full control" either but remember this is only the SHARE permission. In 2K Server shares were everyone full control and you used SECURITY to assign group permissions with far more flexibility than shares permissions. This is the recommended MCSE way of doing things, but the 2K3 wizard sets share permissions and leaves everyone with full security permissions -- reversing the previous policy.

        Remember: users get LEAST restrictive permissions within share or security but MOST restrictive comparing the final results.

        Thanks for the tip on the tool -- I'll start using that

        Glad you got it sorted out anyway....

        Tom
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: new folders created on a DC defaults to read only

          Originally posted by Ossian View Post
          I'm not a fan of "everyone full control" either but remember this is only the SHARE permission. In 2K Server shares were everyone full control and you used SECURITY to assign group permissions with far more flexibility than shares permissions. This is the recommended MCSE way of doing things, but the 2K3 wizard sets share permissions and leaves everyone with full security permissions -- reversing the previous policy.

          Remember: users get LEAST restrictive permissions within share or security but MOST restrictive comparing the final results.

          Thanks for the tip on the tool -- I'll start using that

          Glad you got it sorted out anyway....

          Tom
          I have to say Tom that just makes me nuts.
          Did I understand that right that security has been reversed from 2k to 2k3?
          So if I copy volumes from a 2k server to a 2k3 server the security is all backwards?
          I am at a client that has the "Everyone" local security group in with r/w/e/m and the "domain\users" security group in the share with r/w/l permissions. Then the security (with inheritance) from the root of the drive has everyone with "full" access.
          So what is the end result? You guessed it.... r/w/l only
          So, to the question, for the 15 2k3 servers here with volums copied form 2k servers what TOOL can I use to correct all the permssions?

          (You know when I tried to get this question in the MCSE back in NT4 I kept getting it wrong... I always had the Novell model of security in my head and now they have GONE TO THAT MODEL???)

          Patrick Burwell
          BurwellFamily.US
          Last edited by pburwell; 7th December 2006, 18:29. Reason: HELP!

          Comment


          • #6
            Re: new folders created on a DC defaults to read only

            Talk about dredging things up from the past -- I saw my name and couldnt remember writing it, and then I saw it was 30 months old!

            No, security hasnt (AFAIK) changed from 2000 to 2003. Its always been a combination of share and NTFS permissions.

            You get the best combination of share permissions depending on the groups you are in

            You get the best combination of NTFS permissions depending on the groups you are in

            You get the worst of the above.

            Thats only when accessing a network share over a LAN. On the local PC, only NTFS permissions apply.

            If you are seeing different, please post screenshots and clarify whether you are accessing over the LAN or locally

            Tom
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment

            Working...
            X