Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 510
  • Last Modified:

mapping drives and applying security on folders withing these drives

Hi,

I have 3 departments.  I want each department to log in to the same drive but have different read/write rights on the folders within the drive.

right now each department can log in and view the same folders, but they have different drive letters: ie. G: R: or Q: for example..

We don't want to apply the security for each user on each folder as it would be too hard and too expensive to manage...  we want to apply it on the drive they log on...  

Can we do this for example: everyone who logs on and sees G: can have read/write access on folder xyz and everyone who sees R: can only read from folder xyz but not write?

or is there a better way to do it?
0
lesultan
Asked:
lesultan
  • 3
1 Solution
 
trywaredkCommented:
You can't set ntfs security on a drive letter, only on the folder with the sharename you use to map the driveletter.

Group your users according to the different read/write Rights the should have on different folders.

Make global domain usergroups according to your grouping.
Maybe department1, department2, department3

Apply the ntfs-security to these global groups instead of each user.

Add the different users to these groups, that they should gain ntfs-rights through.

Remember that subfolders in w2k gains there ntfs-rights from parent-folder automatically. Once you have apply the ntfs-security to these global groups on each of the PARENT-folders, you don't have to do anything else, than adding or removing your users to these groups.

Understanding NTFS permissions:
http://www.windowsitlibrary.com/Content/592/1.html

Administration of NTFS Resources Part 1
http://studynotes.net/70part2.htm

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
 
0
 
BembiCEOCommented:
Maybe it helps to do the following.

Create one (hidden) share for each user group and if the permissions on the share itself is enough to seperate them, you can map the one share (i.e. RW) to the first group and the second share (i.e. only R) to the second group and so on. But this works only, if you have already configured different logon scripts for the groups to do this quick and easy. This is not the best solution but may work.

Anyway, the better solution is to create user groups with the different users and then assigning these groups with the appropriate permissions, as trywaredk suggested.
 
0
 
trywaredkCommented:
If you are using vbscript as your logon-script, you don't have to use different logonscripts, you can map drives according to which group the user (who is running the logonscript) is member of
0
 
trywaredkCommented:
:o) Glad I could help you - thank you for the points
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now