Add User Wizard Automatically Assigns Domain Users Read Permission on Users' Shared Folders (243221)



The information in this article applies to:

  • Microsoft BackOffice Small Business Server 4.0
  • Microsoft BackOffice Small Business Server 4.0a
  • Microsoft BackOffice Small Business Server 4.5

This article was previously published under Q243221

SYMPTOMS

The Add User Wizard in the BackOffice Small Business Server (SBS) Console automatically grants "read" permission to the Domain Users group for individual users' shared folders.

WORKAROUND

Administrators who want to use the shared user folders as private home folders can do so by using either of the following methods:
  • Run the following command, including quotation marks, from a command line:

    cacls "c:\users shared folders" /e /t /r "domain users"

    This command edits the existing access control lists (/e) and revokes (/r) the Domain Users group's access on the Users Shared Folders folder and every folder beneath it (/t), leaving only the folder's owner and administrators with access to each folder.

    NOTE: This command must be run each time a user is added to the SBS server for that user's folder to be private.

  • When you are creating a user account, the User Access Wizard grants the new user "read" permission on any folder in the "This user can only read files in" list. Remove other users' shared folders from this list to prevent the new user from gaining "read" permission to these folders.

    You can also alter folder permissions for existing users by using the Manage User Permissions Wizard on the Manage Users tab in the console.
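
Because the cacls command has to be rerun after every new user, it helps to check which folders still carry a Domain Users entry. The following Python script is an added example, not part of the original article or any Microsoft tool; it scans saved cacls output and assumes cacls aligns each further entry under the first one (indent = path length + 1). The domain name SMALLBIZ and the user names are constructed.

```python
import re

GROUP = "Domain Users"  # group revoked by the article's cacls command
# Matches GROUP's ACE, with or without a DOMAIN\ prefix; captures the rights text.
ACE_RE = re.compile(r"(?:^|[\\ ])" + re.escape(GROUP) + r":(\S*)", re.I)

# Constructed sample of saved cacls output; SMALLBIZ, alice and bob are made up.
SAMPLE = r"""
c:\users shared folders\alice BUILTIN\Administrators:(OI)(CI)F
                              SMALLBIZ\alice:(OI)(CI)C
c:\users shared folders\bob BUILTIN\Administrators:(OI)(CI)F
                            SMALLBIZ\bob:(OI)(CI)C
                            SMALLBIZ\Domain Users:(OI)(CI)R
"""

def entries(text):
    """Group cacls output into (header_line, [continuation_lines]) pairs."""
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and out:
            out[-1][1].append(line)   # indented line: another ACE of the same folder
        else:
            out.append((line, []))    # column-0 line: "<path> <first ACE>"
    return out

def folder_of(header, cont):
    """Recover the path. Assumption: continuation ACEs are indented len(path) + 1."""
    if cont:
        indent = len(cont[0]) - len(cont[0].lstrip())
        return header[:indent].rstrip()
    return header  # single ACE: path/ACE boundary is ambiguous, report the raw line

def still_readable(text):
    """Return {folder: rights} for every folder where GROUP still has an ACE."""
    found = {}
    for header, cont in entries(text):
        for line in [header] + cont:
            match = ACE_RE.search(line)
            if match:
                found[folder_of(header, cont)] = match.group(1)
    return found

if __name__ == "__main__":
    for folder, rights in still_readable(SAMPLE).items():
        print(f"{GROUP} still has {rights} on {folder}")
```

An empty result means every listed folder is already limited to its owner and administrators.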

STATUS

This behavior is by design.

Modification Type: Major
Last Reviewed: 11/19/2003
Keywords: kbenv kbprb KB243221