Solved

Permissions Questions

Posted on 2004-10-01
7
187 Views
Last Modified: 2010-04-19
Thanks.  Windows 2003 Server (Mac File Sharing is On) Here's the scenario:

Volume D:
   Staff Folder (Shared)
      Person1
      Person2
      Person3
      Etc.

How do I set permissions for domain users to NOT be able to write anything at the Staff Folder level but be able to drop files and copy files to and from any "Person" folder.  Users should not be able to delete anything except thier own content from thier own folders.  PLEASE GIVE DETAILED RESPONSE or STEP BY STEP.

I've been stumbling through Sharing permissions, the Security Tab and the Advanced Security Settings too long now trying to nail this.  

0
Comment
Question by:mmurray46
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 9

Accepted Solution

by:
CDCOP earned 125 total points
ID: 12202374
Well depending on how you have your domain setup, and how many users you have, there are a couple of ways to handle this task.

You can Remove the everyone group under secuirity settings and replace with Authenticated users (Make sure you have administrators group in there always so you have access to it). This will make is so only users you have in your domain can access that folder. You may also want to remove certian settings for Authenticated users. The way it sounds, all you need is list files/folder and read so users can only navigate to their own folder and not mess with anyone elses. You will have to remove all users under security tab for each Person folder, then replace with the user that needs access to it and admin of course. You can give them full control since they are the folder owner.

* To remove all users from a folder you may have to take the check out of "Use inheritable..." on the security tab
* If you have a domain then you dont need sharing, because the users already have an account on the domain so you can just setup security settings for them.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 12202685
CDCOP has the correct answer here...  But just to make it more clear, look at this:

Step 1:

   Staff Folder (Shared) (Share access = Authenticated Users = Change ;  NFTS= Authenticated users need List Files/Folders for this and all subdirectories.
      Person1
      Person2
      Person3
     
This gives everyone the ability to "WALK" down the directory structure.  But none of them can get into any of the sub folders.


(By the way, you might want to chang Authenticated users group to a group that is more specific...one that contians just the users that need access)

Step 2:

Give NTFS access to the appropriate users at the subfolder level:

   
      Person1  (give Change Rights here and subfolders for the group that needs full access to this dir)
      Person2  (give Change Rights here and subfolders for the group that needs full access to this dir)
      Person3  (give Change Rights here and subfolders for the group that needs full access to this dir)

Hope this helps

Joe Poandl MCSE

     
0
 

Author Comment

by:mmurray46
ID: 12202698
Thanks.  You state: "it sounds, all you need is list files/folder and read so users can only navigate to their own folder and not mess with anyone elses".  However, one of my conditions is that the users must be able to drop files into and copy files from any other "Person" folder.  I just don;t want them to be able to delete anyone else's stuff.  

You did confirm my suspicion, however, that I will be looking at making a trip to 60 people's security tabs...
0
Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

 

Author Comment

by:mmurray46
ID: 12202709
That last comment was for CD COP...
0
 

Author Comment

by:mmurray46
ID: 12202876
OK Joe - Do I have this right?

1) Share permissions for Staff Folder = Domain Users (Change and READ)

2) Security Tab for Domain Users (Which I suspect is the same as NTFS) = (UNDER ADVANCED -> for Domain Users -> List Folder/Read Data -> This Folder and Subfolders.  Thats it.

3) On Individual Security Tab for "Person" folders: Under ADVANCED - Domain Users get change permissions only for This Folder and subfolders.  That's it.

*Admin is given full for all directories.

Is this correct?
0
 
LVL 9

Expert Comment

by:CDCOP
ID: 12204541
Sorry...im back...you can just give them read access to other users folders. The settings are just as they appear. If you give a user read access to a folder that user can read that folder, and that is all. If you would like them to write to a folder, give them write access.
0
 

Author Comment

by:mmurray46
ID: 12204989
Well thanks - I was hoping for a close look at my last with a verification because if I got the instructions right, they're not right because right now, nobody can write to any folders.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
Learn about cloud computing and its benefits for small business owners.
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question