Microsoft KB Archive/243221

= Add User Wizard Automatically Assigns Domain Users Read Permission on Users' Shared Folders =

Article ID: 243221

Article Last Modified on 11/19/2003

-

APPLIES TO


 * Microsoft BackOffice Small Business Server 4.0
 * Microsoft BackOffice Small Business Server 4.0a
 * Microsoft BackOffice Small Business Server 4.5

-



This article was previously published under Q243221



SYMPTOMS
The Add User Wizard in the BackOffice Small Business Server (SBS) Console automatically grants "read" permission to the Domain Users group for individual users' shared folders.



WORKAROUND
Administrators who want to use the shared user folders as private home folders can do so by using either of the following methods:  Run the following command, including quotation marks, from a command line:

cacls "c:\users shared folders" /e /t /r "domain users"

This command removes the Domain Users group from all folders in the user's Shared Folders folder, leaving only the folder's owner and administrators with access to each folder.

NOTE: This command must be run each time a user is added to the SBS server for that user's folder to be private.

 When you are creating a user account, the User Access Wizard grants the new user "read" permission on any folder in the "This user can only read files in" list. Remove other users' shared folders from this list to prevent the new user from gaining "read" permission to these folders.

You can also alter folder permissions for existing users by using the Manage User Permissions Wizard on the Manage Users tab in the console.



STATUS
This behavior is by design.

Additional query words: smallbiz home directory permissions adduser

Keywords: kbenv kbprb KB243221

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.