Solved

mapping drives and applying security on folders withing these drives

Posted on 2003-10-29
4
502 Views
Last Modified: 2013-12-04
Hi,

I have 3 departments.  I want each department to log in to the same drive but have different read/write rights on the folders within the drive.

right now each department can log in and view the same folders, but they have different drive letters: ie. G: R: or Q: for example..

We don't want to apply the security for each user on each folder as it would be too hard and too expensive to manage...  we want to apply it on the drive they log on...  

Can we do this for example: everyone who logs on and sees G: can have read/write access on folder xyz and everyone who sees R: can only read from folder xyz but not write?

or is there a better way to do it?
0
Comment
Question by:lesultan
  • 3
4 Comments
 
LVL 12

Accepted Solution

by:
trywaredk earned 250 total points
ID: 9645523
You can't set ntfs security on a drive letter, only on the folder with the sharename you use to map the driveletter.

Group your users according to the different read/write Rights the should have on different folders.

Make global domain usergroups according to your grouping.
Maybe department1, department2, department3

Apply the ntfs-security to these global groups instead of each user.

Add the different users to these groups, that they should gain ntfs-rights through.

Remember that subfolders in w2k gains there ntfs-rights from parent-folder automatically. Once you have apply the ntfs-security to these global groups on each of the PARENT-folders, you don't have to do anything else, than adding or removing your users to these groups.

Understanding NTFS permissions:
http://www.windowsitlibrary.com/Content/592/1.html

Administration of NTFS Resources Part 1
http://studynotes.net/70part2.htm

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
 
0
 
LVL 35

Expert Comment

by:Bembi
ID: 9645653
Maybe it helps to do the following.

Create one (hidden) share for each user group and if the permissions on the share itself is enough to seperate them, you can map the one share (i.e. RW) to the first group and the second share (i.e. only R) to the second group and so on. But this works only, if you have already configured different logon scripts for the groups to do this quick and easy. This is not the best solution but may work.

Anyway, the better solution is to create user groups with the different users and then assigning these groups with the appropriate permissions, as trywaredk suggested.
 
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 9645762
If you are using vbscript as your logon-script, you don't have to use different logonscripts, you can map drives according to which group the user (who is running the logonscript) is member of
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 9748359
:o) Glad I could help you - thank you for the points
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
This video discusses moving either the default database or any database to a new volume.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now