Proper set up shared folders for users

Posted by user221486 on Server Fault See other posts from Server Fault or by user221486
Published on 2014-05-28T15:06:24Z Indexed on 2014/05/28 15:30 UTC
Read the original article Hit count: 175

First I would like to say thanks for helping, and I have huge problem with proper set up permission for shared folders.

I have

  • Windows 7 x64 ent. - name: backupfb - added to domain with shared folder on drive e: (e:\backup)
  • 50 clients/laptops with TSM Tivoli fastback for workstations who save files on shared folder

And I need to configure proper permission for my shared folders that only owner of folder can access to their folders.

Folder structure is:

e:\backup <- shared as a "backup" folder \\backupfb\backup\

e:\backup\BackupAdmin <-- directory is used by the Tivoli Storage Manager FastBack for Workstations client to download revisions and configurations. Nodes require read-only access to these directories

e:\backup\RealTimeBackup <-- enable client accounts to create directories that are only accessible by the account that created them. As a result, the directory that contains data for a node is not created until that node connects to the server.

So permission should look like that (take from instructions):

Inheritable permissions from object`s parents are DISABLE

Permission entries:

\\backupfb\backup\BackupAdmin

  • Allow Users Read, Execute This folder, subfolders, and files Traverse Folder / Execute Allow List Folder / Read Data Allow Read Attributes Allow Read Extended Attributes Allow Delete subfolders and files Allow Delete Allow Read Permission’s Allow

  • Allow Administrators Full Control This folder, subfolders, and files Both folders have enabled option "apply these permissions to objects and/or containers within this container only"

Here everything works fine

\\backupfb\backup\RealTimeBackup <<--

Allow Administrators Full Control This folder, subfolders, and files Allow CREATOR OWNER Full Control This folder, subfolders, and files (from domain) Allow Users Special This folder only Traverse Folder / Execute Allow List Folder / Read Data Allow Read Attributes Allow Read Extended Attributes Allow Create Files / Write Data Allow Create Folders / Append Data Allow Delete subfolders and files Allow Read Permission’s Allow

Allow OWNER RIGHTS* Full Control This folder, subfolders, and files

Here I have huge problem with CREATOR OWNER Im able to set FULL CONTROL but I can only apply "Subfolders and files only". When I change props. to "This folder, subfolders and files" and save its change to "Subfolders and files only"

So I try use icacls to set up permissions

@echo off

takeown /F E:\backup\ /R /A

for /D %%i IN (E:\backup\RealTimeBackup*) DO icacls E:\backup\RealTimeBackup\%%~nxi /grant:r cloud\%%~nxi:F /T /C

pause

but after that user are able to create just one folder in \backupfb\backup\RealTimeBackup\userfolder but problem is with subfolders

In log i have:

FBW5022E Unable to access the specified file Explanation: The file specified is unable to be accessed. Possibly spelled incorrectly, or bad path, or permissions. User response: Ensure the user has the proper permissions for the file and directories involved andthat the file and directory exist

Any idea ?? pls help ;-) thanks

© Server Fault or respective owner

Related posts about Windows

Related posts about network-share