All shared folders visible!

Microsoft Windows server 2008 standard
March 10, 2010 at 08:12:01
Specs: Windows XP
I have a Win2008 file server. I won't go into
why it's set up like this, but there is one share
with many different rights assigned with NTFS.
Access-based enumeration is enabled.

Our IT department is bombarded with calls
about people that need admin rights to do this
or that. (They all had admin rights until
6months ago-ish). Plus, I've seen dozens of
machines run by non-admin users that were
riddled with spyware/viruses. So I decided to
give most users admin rights. Please don't
lecture me on why this is a terrible idea.

I added the following line to the login script:

net localgroup administrators /add

Well, this morning, everyone comes in and
can see ALL the folders on the server.
Thankfully, they can't see any of the files
within, but they can see the folders, and it
freaks people out when yesterday there were
four folders and today there are 20.

So I updated the login script, deleting the
group from local admins. Now when I log in as
a member of that group, I do NOT have local
admin rights, but I can still see all the folders
on the server.

It's not an ABE issue, because I can actually
access the folders, I just can't see anything in

What can I do?

See More: All shared folders visible!

Report •

March 10, 2010 at 08:36:43
Okay, well, apparently this is totally unrelated to the login script
change I made. I found a machine that had NOT run the new
login script and the folders appeared there as well. (I couldn't
imagine why giving a group local admin rights would affect their
rights on the server, but Windows has done crazier things than
that before.)

Also, more info...

On several folders, the ONLY group that has rights is Domain Admins, with full control. And yet, I can open these folders as a regular user, but I cannot view the contents, I cannot create a file, nor do anything else.

Report •

March 10, 2010 at 08:48:22
More info again...

If I go to effective permissions under advanced security on one of
the should-be-hidden folders, and I look up Domain Admins, it
shows full control. If I log in as a regular user, and look up the
username, as well as each group they belong to, they all show
no rights.

Can I scream yet?

Report •

March 10, 2010 at 11:50:52
Please note you have an edit button on your posts. I would suggest just adding to your main post in the future since your post can get passed over due to thinking it was responded to [but it was only you responding]

what is the share permissions set to?
what is the root folder of the share ntfs permissions set to?

Report •

Related Solutions

March 10, 2010 at 11:59:49
Share perms: DU:F
NTFS perms: DU:R, DA:F

Also, I noticed there was a Windows update reboot last night
(2nd tuesday and whatnot). But I'm real wary about doing a
system restore on our main file server... I also have not tried
rebooting the server to see if that would make a difference.

And good point about the reply thing. I'll keep that in mind.

Report •

March 10, 2010 at 13:19:03
I would reboot the server for sure.

Do you have inheritance turned off?
Are you doing any deny's?
what are the permissions on the files?

any errors in the event viewer logs?

Report •

March 11, 2010 at 10:37:36
Thanks for the help. Rebooting the server was all it took. Still
really bizarre though.

Report •

Ask Question