Solved

Setting up user groups to access files

Posted on 2004-09-04
8
213 Views
Last Modified: 2010-03-18
I'm setting up a new server running Windows 2003 I have a number of folders in my directory. (Forgive me if I'm not using the right terminology)
The main directory is call Purcell with sub-folders called
Accounting
Copy Center
Personal
Pre-Press
Press
Sales


These all are currently shared folders. I want to create three user groups. The first would be a manager group who would have access to everything, a sales group who would have access to everything but accounting, and a production group who would access everything but accounting and sales. I want to give them full rights to create sub-directories. Lastly I want to set up the personal folder so each employee who have their own secure folder and only administrator rights gets you in. How do I set up these groups and what privileges do I give each user?

Dan
0
Comment
Question by:Dan Purcell
  • 4
  • 4
8 Comments
 
LVL 11

Assisted Solution

by:infotrader
infotrader earned 125 total points
ID: 11980503
0
 
LVL 15

Accepted Solution

by:
Yan_west earned 125 total points
ID: 11980541
1- go to Active directory Users and computers on your server.
2- right click the user folder ->new ->group.
3- Give your groups the name that you want, check global group, and check security.
4- click finish.
5-  in users, double click the group you just created and click the member tab. Add the wanted members for your group. click ok.
6- close AD Users and comptuters
7- browse to the desired directory, right click, properties, Security tab, and add the wanted group to the root directory.
    Here is the different permission you can give: Full control.. (can do everything, even take possesion as an owner.)
                                                                      Modify (Can do everything, but not take possesion)
                                                                      Read and execute.. (does what it says)
                                                                      List folder content can view file name, but not read them or write them.. can do nothing exept view directory.
                                                                      Read (only read)
                                                                      Write (only write.. someone could write to a directory, and not read..)

after you assign your group to the root directory, all the same rights will be applied in each subdirectory. If you want to apply different right to subdirectories, right click them, click security tab, click advanced button, and remove the checkmark on "allow inheritable permission from parent to propagate to this object".

This way, all permission will not be propagated from the parent object. Do that on each sub directory, and then, assign rights again to each one of them.

That should do what you want!

For the users folders, create a "User tab", then in the user tab, create a directory for each user using their username. After this, share each folder and add a $ sign at the end.. This will make the share invisible. Go in the folder permission, and assign administrator with full access, and the user with modify access.

Lastly, go in Active directory users and computers, click on users, double click the user name, go to the profile tab, and click "connect to" on the home section.Choose the drive letter that you want the share to be assigned to for the user. In the field, type "\\servername\sharename" and click ok. Next time the user will logon, the new folder will appear as a mapped drive.

If your user is named jsmith, the you will click "connect drive letter: H:" and \\servername\jsmith$

next time jsmith will log on, his H: will be connected to his own personnal directory. BTW, this only works on NT4, 2000 and XP.



0
 
LVL 11

Expert Comment

by:infotrader
ID: 11980550
Basically, depending if you have installed Active Directory or not.  If using Active Directory:

1.  Go to "Active Directory Users and Computers" group and create the 3 SECURITY groups (managers, sales, and production).  Add the people to these groups.

2.  Right-click on the folders and create the share.  Assign the appropriate share permission for each group of users to the shares.  To give groups different "rights" than the default rights, you can go to the "Security" tab of the file/folder properties, and change the rights to each folder there.  Go to the "Advanced" setting, and that would give you more options, including "create folder".  If you check "DENY", you are denying users to perform such action.  Normally, do NOT use the deny function, but just grant access to the right group instead.  These rights assigned to the security is based on NTFS, and takes priority over the share-level rights you created earlier.  So, for example, if you are in the SALES group, and have FULL access to the sales folder SHARE, but have only READ access to the folder, then you can only READ it.

3.  To create user folders, it's probably easiest to create a share called USERS.  Assign READ-ONLY to the "EVERYONE" group, and FULL access to Administrators.  Then, using Active Directory Users and Computers, put the User's "HOME DIRECTORY" to there.  By doing so, you will create a user folder in that directory, and only the user have full access to his/her folder (i.e. \\servername\USERS\JoeSchmoe )

If you are not using Active Directory, you can use the User Manager in "Administrative Tools" to acheive pretty much the same thing.

- Info
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11980555
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 11

Expert Comment

by:infotrader
ID: 11980557
LOL Yan...

You almost beat me again :-P

I figure I'll give Dan a link first BEFORE proceeding with my 2 page long explaination.. LOL

Dan, If you follow the direction from both of us, you can pretty much skip the link.  That would be sufficient to get you to at least start with permissions and stuff.

I think we deserve a split, though  :-)

- Info
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11980568
How to assign a user a home folder:

http://support.microsoft.com/?kbid=816313
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11980579
Almost? I did beat you again!.. A split would be ok i guess.. 75% me, 25 you, since I was the 1st.. rofl. ;)
0
 
LVL 11

Expert Comment

by:infotrader
ID: 11980598
Hey... I posted FIRST!!!  LOL

Nah... I doesn't matter..  The important thing is that we are helping people...   Besides the gratification of scoring big points, I am not interested in the points anyway  :-)

- Info
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now