I added a new 2003 to our 2000 domain. We were running low on space for our file server which was on our 2000 Server DC and I added a new 2003 Server DC. I got AD installed and then added file and printer services on the new 2003 DC. I copied all files from the old DC/File server to the new Dc/File server and all my permissions got messed up. All files had the everyone included in the files. I removed all, and added the correct Shared and NTFS permissions, painfully I might add, and now one of the two file shares in not working properly. I have a “Users” and “Departments” share and I had to add the everyone in the NTFS permissions in order for everyone to access our departments share folder. Unfortunately now everyone can access all folders which they should not be able to access. I have verified that I have unchecked “Allow inheritable permissions…..” from the advanced features under the security tab for Everyone. The weird thing is, that my “Users” share is working fine, it’s just the “Departments” that is messing up. If I remove the Everyone from the ntfs security, then no one can access any folders or files in the Department Share.

If more information is needed, please let me now.

Thanks,

You also need to correct the Share permissions.

Life's more painless for the brainless.

Did you run ADPREP on your 2000 AD?

When you removed everyone from the departments share what group did you add to give them access to the share?

Imagine the power if you knew how to internet search

Thanks for the responses. I did correct the Share permissions, the only real option there is to move "Everyone" from read to full control and then users could access both the shared drives.
I did run ADPREP on the 2000 AD, at first I ran the wrong version. For what ever reason, Microsoft has two versions of ADPREP, one for server 2003 and the other for server 2003 R2, but they are both located on the install CD, for version 2003 it’s on the first install Cd and for R2 it’s located on the second Cd. After I ran the correct one, I was able to successfully add AD to the 2003 Server. After I added AD I added the File and Printer services and then created the folders on the new server and then transferred all folders and files. Then I added the Share to both folders. Now our "Departments" folder is not working properly. Any suggestions?

Let's start by leaving the ntfs permissions alone. You only use them if you can't restrict by share access.

So what security group have you created to assign to the Departments folder?

Are there just files in this folder or are there other folders?

Imagine the power if you knew how to internet search

security Group? I have not created any type of group. I have created a folder called Departments and then I copied all the folders and files from the existing departments folder to the new folder on our new DC. I then removed all security settings except for the Administrators and then I went to each folder under the Departments root folder and added the correct security settings for each folder. I thought that would be good. I then found out that in 2003 you have to update the Share permissions so I changed the everyone to full and still no one was able to access until I added the everyone under the security settings. I found that under the effective permissions, that the everyone have some additional settings that did not appear. I removed all but the List folder from the everyone and now users can see the folders and files but can not open unless they have the proper security settings in place. The weird thing is that I did the same thing with our User folder and it works fine without the need to add the everyone under the security settings. Sorry for the long explanation but I want to make sure to cover it all.

You said "and added the correct security settings for each folder" By that do you mean you're actually adding Domain user accounts individually? No, no no.... Create the Groups you need, then add the users to the Groups. If you're not familiar with Security Groups, then (please don't be offended) you have a lot to learn about Administering a Domain.

Life's more painless for the brainless.

"you have a lot to learn about Administering a Domain" Amen!!!! HaHaHa. I have been adding them individually, but the reason is, that many of the folders are only for one person, I have created some groups for sales/billing/invoicing etc. And I try to use those when I can but I could go for creating more groups and less individual settings.

I am still working on my issue with having to have the Everyone included in the security settings in order for users to access certain folders. Now I'm having issues with my "Users" folder. We have a couple of remote users how use offline files and they could not use this option unless I added the everyone group to the security tab. Again, I put the special settings to the everyone group so that is lists files only. I would like to be able to remove the everyone group but unfortunately access to the folder fails. Any help would be greatly appreciated.