User Home Directory  Default Permissions  (Z drive and U drive) Instructions on Setting NTFS File Permissions

12 July, 2001

• Default permissions on Z drive (your home directory) and U drive (all home directories)
  
  
• Script to change permissions to allow sharing (adding 'Authenticated Users: Read')

Default permissions on Z drive (your home directory) and U drive (all home directories)

Please note that as of 7/12/01, the default permissions for NT home directories have changed (this does not apply to most BSD users who are on a different server).   The default permissions no longer allow 'Authenticated Users:Read'.  For many users, this change will have no effect so you don't need to take any action.  For those who share files from your home directory, you will need to run the script or reset your permissions. 

As an example, for the user account 'achan', the default permissions are:

• 'achan: Full Control'
• 'System: Full Control', 'Administrators: Full Control' (and may include other system administrative accounts).
  These administrative accounts must be included in the permissions of directories and files on the network drives in order for administrative tasks to be performed (e.g., migration of data to larger volumes, anti-virus, etc.).
  
  

This means only that user has read/write privileges to the home directory (the other accounts are administrative ones).

If you need to share files with other users, you will need to explicitly change the permissions.   You can use this script to add 'Authenticated Users:Read' to your home directory, while maintaining restrictive access to your 'Private' directory.

Unless you are familiar with NTFS permissions, please be cautious when resetting your permissions.   If you need help, please contact desktop-admin@slac.stanford.edu or your local administrator.

More on setting permissions.

Reason for the change:  In the past, 'Authenticated Users:Read' was included in the user directory list of permissions.    This allowed read access for all people with valid SLAC NT accounts.    During the July 10, 2001 outage, the home directory server ran a CHKDSK; it stripped the existing file permissions from the directories and files and replaced them with a system default setting.   This resulted in a very restrictive set of permissions being applied-- only 'System:Full Control' and 'Administrator:Full Control'.

Some users had previously set up their home directory subfolders with restrictive permissions to protect sensitive files.   In order to avoid exposing these files in the event that 'Authenticated Users:READ' were to be re-introduced, we have opted to leave each user home directory at read/write access only to the respective user.

The recommended way to share files is by using the Groups Drive (V: drive).    We realize that a subset of users share files from each other's home directories.   These users will need to explicitly set permissions to allow for this wider access.   To do so, you can use this script.  Unless you are familiar with NTFS permissions, please be cautious when resetting your permissions.   If you need help, please contact desktop-admin@slac.stanford.edu or your local administrator.

Owner: Desktop-Admin