none
settings for “document and settings” and “Application Data”

    Question

  • I’m working on a SBS 2008. I had to set some access to “document and settings” and “Application Data” to del some files so they could be replaced for an lic upgrade. To do so I set everyone to full control. (bad move I know) Anyway I went  back and removed those rights and now everyone is gone from the list. So what I’m trying to do is get those 2 dir reset back to there defaults.

    Is “Everyone” only supposed to have only List Folder  / read data checked to Deny

    And what about Special permissions.

    Friday, July 08, 2011 3:10 PM

Answers

  • Got it now...the SBS 2008 that I checked did not have Show OS files visable.

    Documents And Settings top level folder:

    Deny Everyone List folder /read data not inhertited this folder  only

    Allow Everyone Special not inherited this folder only

    Traverse Folder/execute file,

    List folder/Read Data,

    Read Attributes,

    Read Extended attributes,

    Read permissions.

    Allow System Full Control This folder only

    Allow Administrators Full Control This folder only

    I don't have access to any sub folders on that server, and not willing to take ownership.  If this is enough, let us know.  If not, I will put up a temorary box and take ownership of the folder to see the sub folders.


    Larry Struckmeyer

    Please post the resolution to your issue so that everyone can benefit

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Sunday, July 10, 2011 8:44 PM
    Moderator

All replies

  • First, fire that vendor. Such requirements are unconscionable.

    In order to help with the settings you requested, can you verify that you are asking about (drive letter):\users\all users\application data?


    Friday, July 08, 2011 5:30 PM
    Moderator
  • lol today we did return the product after all. It was Intuits POS.

     

    Its the dir C:/Documents and Settings then the dir  C:/Documents and Settings/All Users/Application Data were the only 2 I had to open up. I added Everyone and in Advanced Security set Advanded permissions for "List folder / read data" to Deny. Everything else is blank.

    I wondering about the Special permissions though. I can't seem to set them and I believe they were checked in both Allow and Deny. Although are both grey there a check in Deny now.

     

    Is that close to the default settings?

     

     

    Saturday, July 09, 2011 2:49 AM
  • Your sure you were on Server 2008/SBS 2008 and reset C:\Documents and Settings?

    Deny is the all powerful setting.  Any use of the deny setting overrides all other settings.  If you don't wish to deny, make sure it is not checked.

    Typically settings are greyed out becuase they are inherited.  You may need to go to the advanced section of the security settings.

     


    Larry Struckmeyer

    Please post the resolution to your issue so that everyone can benefit

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Saturday, July 09, 2011 3:22 PM
    Moderator
  • yes I'm sure it is the C:/Documents and Settings and the C:/Documents and Settings/All Users/Application Data folders. yes it is SBS 2008 with sp2 and all updates installed. Those were the only 2 that needed changed to get to the files that needed deleteing.

    I did use the advanced or maybe both, I tried to pay attention and took some notes as to folders I changed but not all settings as I clicked full which in turn check everything below. I was on the phone with their tech support and a customr over my shoulder. actually I was relectanted to do it at all, but they needed it done.

    Deny is powerfull and those folders could be a security issue if not set right. I need to know what I've set is the defaults. When I unchecked all the boxes; "Everyone" went away. So I had to add it.

     


    Sunday, July 10, 2011 4:31 PM
  • Got it now...the SBS 2008 that I checked did not have Show OS files visable.

    Documents And Settings top level folder:

    Deny Everyone List folder /read data not inhertited this folder  only

    Allow Everyone Special not inherited this folder only

    Traverse Folder/execute file,

    List folder/Read Data,

    Read Attributes,

    Read Extended attributes,

    Read permissions.

    Allow System Full Control This folder only

    Allow Administrators Full Control This folder only

    I don't have access to any sub folders on that server, and not willing to take ownership.  If this is enough, let us know.  If not, I will put up a temorary box and take ownership of the folder to see the sub folders.


    Larry Struckmeyer

    Please post the resolution to your issue so that everyone can benefit

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Sunday, July 10, 2011 8:44 PM
    Moderator
  • ty I'll see what I can sort out with that info and let you know either way.
    Tuesday, July 12, 2011 12:20 AM
  • Hi surfeagle, have you resolved the issue? If you need any further help. please feel free to let us know, thanks.

     

    Sean Zhu
    TechNet Subscriber Support in forum
    If you have any feedback on our support, please contact tnmff@microsoft.com


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, July 14, 2011 8:01 AM
    Moderator
  • thank you for the settings. I have left it with just the

    Deny Everyone List folder /read data not inhertited this folder only

    Allow System Full Control This folder only

    Allow Administrators Full Control This folder only

     

    of course those two allowed were never touched.

    I haven't seen any problems. I will enable the execute or read atributes of those others if I have any problems.

     

    All the Best

    Alan

     


    Tuesday, August 02, 2011 6:31 AM