No announcement yet.

windows 2003 permissions

  • Filter
  • Time
  • Show
Clear All
new posts

  • windows 2003 permissions

    I'm having a problem with my folder permission settings. I am the administrator on a server running 2003, (AD DNS and a file server). I have setup a client computer and a GPO to redirect all their personel files within mydocumnets to the file server.
    I create a share named "mydocsshare" and created a separate folder for each user. eg. \\servername\mydocsshare\david

    when david next logs in, the computer automatically creates a folder called "my documents" within this shared folder. Which i can not gain access to.

    I want to be able to monitor the files on the server but it says i haven't got the sufficient privileges.

    Can somebody spread some light on the subject


  • #2
    Re: windows 2003 permissions

    The domain admins froup have NTFS/Share full control permissions + you enable permissions Inherit ?
    Best Regards,

    Yuval Sinay

    LinkedIn:, Blog:


    • #3
      Re: windows 2003 permissions

      Just make sure if your network administrator has an access to those shared folder, maybe you've modified it and made a mistake because administrator has full access by default. Anyway, don't worry about it because you can easily reset those folder permission if you hold admin account, JUST RESET ACCESS PERMISSION....
      Note : in Windows 2003 after you shared a folder, sharing permission is read only by default. You need to change it to full access and use security setting to manage access permission. even you have full access in security setting and the shared permission is read only you can not do anything with the shared folder (it will read only access for everyone except you logon in the server).
      Last edited by lzd212; 22nd November 2005, 12:32.


      • #4
        Re: windows 2003 permissions

        by default if you setup folder redirection, the default settings are "grant exclusive user rights to folder"

        meaning that administrator group is not part of the redirected folder share. Its for security purposes that admin's don't poke into ppl's folder for privacry reasons blah blah.

        now as admin of course you can take ownership and thats a pain.

        please follow the guide below:;en-us;Q288991

        the best strategy is to follow a 2 pronged approach.

        setup a share as you have, but set the parent permission to what you want and inherit down to child folders.

        on the gpo side, take off the grant excusive user rights to folder

        ythe guide above has strategies for both windows 2000 and windows 2003


        • #5
          Re: windows 2003 permissions

          cheers guys all sorted now.

          just a quickie.....

          i noticed that roaming profiles contains the mydocuments folder of the user. So if you set up roaming profiles there is no need to also configure folder redirection for my documents.




          • #6
            Re: windows 2003 permissions

            sometihng to think about.

            roaming profiles, while when it is small works great. However when it becomes too large, windows hangs the profiles and doesn't sync it up with the server location well. While you can use UPHCLEAN to unload the profile, but it leaves remeninsces of users profiles all over the pc's where ever they log in. Which is a potential privacy of files hazard.

            I would recommend redirecting the larger folders: ie. my docs, app data, etc..

            folder redirection was created to fix the problems that roaming profiles had.

            folder redirection will also speed up login time (imagine if you were roaming 100megs across a lan?)