mapping drives and applying security on folders withing these drives

Hi,

I have 3 departments.  I want each department to log in to the same drive but have different read/write rights on the folders within the drive.

right now each department can log in and view the same folders, but they have different drive letters: ie. G: R: or Q: for example..

We don't want to apply the security for each user on each folder as it would be too hard and too expensive to manage...  we want to apply it on the drive they log on...  

Can we do this for example: everyone who logs on and sees G: can have read/write access on folder xyz and everyone who sees R: can only read from folder xyz but not write?

or is there a better way to do it?
lesultanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

trywaredkCommented:
You can't set ntfs security on a drive letter, only on the folder with the sharename you use to map the driveletter.

Group your users according to the different read/write Rights the should have on different folders.

Make global domain usergroups according to your grouping.
Maybe department1, department2, department3

Apply the ntfs-security to these global groups instead of each user.

Add the different users to these groups, that they should gain ntfs-rights through.

Remember that subfolders in w2k gains there ntfs-rights from parent-folder automatically. Once you have apply the ntfs-security to these global groups on each of the PARENT-folders, you don't have to do anything else, than adding or removing your users to these groups.

Understanding NTFS permissions:
http://www.windowsitlibrary.com/Content/592/1.html

Administration of NTFS Resources Part 1
http://studynotes.net/70part2.htm

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
 
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BembiCEOCommented:
Maybe it helps to do the following.

Create one (hidden) share for each user group and if the permissions on the share itself is enough to seperate them, you can map the one share (i.e. RW) to the first group and the second share (i.e. only R) to the second group and so on. But this works only, if you have already configured different logon scripts for the groups to do this quick and easy. This is not the best solution but may work.

Anyway, the better solution is to create user groups with the different users and then assigning these groups with the appropriate permissions, as trywaredk suggested.
 
0
trywaredkCommented:
If you are using vbscript as your logon-script, you don't have to use different logonscripts, you can map drives according to which group the user (who is running the logonscript) is member of
0
trywaredkCommented:
:o) Glad I could help you - thank you for the points
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.