Solved

Setting up user groups to access files

Posted on 2004-09-04
8
239 Views
Last Modified: 2010-03-18
I'm setting up a new server running Windows 2003 I have a number of folders in my directory. (Forgive me if I'm not using the right terminology)
The main directory is call Purcell with sub-folders called
Accounting
Copy Center
Personal
Pre-Press
Press
Sales


These all are currently shared folders. I want to create three user groups. The first would be a manager group who would have access to everything, a sales group who would have access to everything but accounting, and a production group who would access everything but accounting and sales. I want to give them full rights to create sub-directories. Lastly I want to set up the personal folder so each employee who have their own secure folder and only administrator rights gets you in. How do I set up these groups and what privileges do I give each user?

Dan
0
Comment
Question by:Dan Purcell
  • 4
  • 4
8 Comments
 
LVL 11

Assisted Solution

by:infotrader
infotrader earned 125 total points
ID: 11980503
0
 
LVL 15

Accepted Solution

by:
Yan_west earned 125 total points
ID: 11980541
1- go to Active directory Users and computers on your server.
2- right click the user folder ->new ->group.
3- Give your groups the name that you want, check global group, and check security.
4- click finish.
5-  in users, double click the group you just created and click the member tab. Add the wanted members for your group. click ok.
6- close AD Users and comptuters
7- browse to the desired directory, right click, properties, Security tab, and add the wanted group to the root directory.
    Here is the different permission you can give: Full control.. (can do everything, even take possesion as an owner.)
                                                                      Modify (Can do everything, but not take possesion)
                                                                      Read and execute.. (does what it says)
                                                                      List folder content can view file name, but not read them or write them.. can do nothing exept view directory.
                                                                      Read (only read)
                                                                      Write (only write.. someone could write to a directory, and not read..)

after you assign your group to the root directory, all the same rights will be applied in each subdirectory. If you want to apply different right to subdirectories, right click them, click security tab, click advanced button, and remove the checkmark on "allow inheritable permission from parent to propagate to this object".

This way, all permission will not be propagated from the parent object. Do that on each sub directory, and then, assign rights again to each one of them.

That should do what you want!

For the users folders, create a "User tab", then in the user tab, create a directory for each user using their username. After this, share each folder and add a $ sign at the end.. This will make the share invisible. Go in the folder permission, and assign administrator with full access, and the user with modify access.

Lastly, go in Active directory users and computers, click on users, double click the user name, go to the profile tab, and click "connect to" on the home section.Choose the drive letter that you want the share to be assigned to for the user. In the field, type "\\servername\sharename" and click ok. Next time the user will logon, the new folder will appear as a mapped drive.

If your user is named jsmith, the you will click "connect drive letter: H:" and \\servername\jsmith$

next time jsmith will log on, his H: will be connected to his own personnal directory. BTW, this only works on NT4, 2000 and XP.



0
 
LVL 11

Expert Comment

by:infotrader
ID: 11980550
Basically, depending if you have installed Active Directory or not.  If using Active Directory:

1.  Go to "Active Directory Users and Computers" group and create the 3 SECURITY groups (managers, sales, and production).  Add the people to these groups.

2.  Right-click on the folders and create the share.  Assign the appropriate share permission for each group of users to the shares.  To give groups different "rights" than the default rights, you can go to the "Security" tab of the file/folder properties, and change the rights to each folder there.  Go to the "Advanced" setting, and that would give you more options, including "create folder".  If you check "DENY", you are denying users to perform such action.  Normally, do NOT use the deny function, but just grant access to the right group instead.  These rights assigned to the security is based on NTFS, and takes priority over the share-level rights you created earlier.  So, for example, if you are in the SALES group, and have FULL access to the sales folder SHARE, but have only READ access to the folder, then you can only READ it.

3.  To create user folders, it's probably easiest to create a share called USERS.  Assign READ-ONLY to the "EVERYONE" group, and FULL access to Administrators.  Then, using Active Directory Users and Computers, put the User's "HOME DIRECTORY" to there.  By doing so, you will create a user folder in that directory, and only the user have full access to his/her folder (i.e. \\servername\USERS\JoeSchmoe )

If you are not using Active Directory, you can use the User Manager in "Administrative Tools" to acheive pretty much the same thing.

- Info
0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 
LVL 15

Expert Comment

by:Yan_west
ID: 11980555
0
 
LVL 11

Expert Comment

by:infotrader
ID: 11980557
LOL Yan...

You almost beat me again :-P

I figure I'll give Dan a link first BEFORE proceeding with my 2 page long explaination.. LOL

Dan, If you follow the direction from both of us, you can pretty much skip the link.  That would be sufficient to get you to at least start with permissions and stuff.

I think we deserve a split, though  :-)

- Info
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11980568
How to assign a user a home folder:

http://support.microsoft.com/?kbid=816313
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11980579
Almost? I did beat you again!.. A split would be ok i guess.. 75% me, 25 you, since I was the 1st.. rofl. ;)
0
 
LVL 11

Expert Comment

by:infotrader
ID: 11980598
Hey... I posted FIRST!!!  LOL

Nah... I doesn't matter..  The important thing is that we are helping people...   Besides the gratification of scoring big points, I am not interested in the points anyway  :-)

- Info
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to set WIndows 10 from automatice update to manual? 13 75
VPN speed and 3rd party service 13 55
Understanding Security Log Events 2 62
Network Switch Connections 8 63
Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question