?
Solved

Permissions Questions

Posted on 2004-10-01
7
Medium Priority
?
188 Views
Last Modified: 2010-04-19
Thanks.  Windows 2003 Server (Mac File Sharing is On) Here's the scenario:

Volume D:
   Staff Folder (Shared)
      Person1
      Person2
      Person3
      Etc.

How do I set permissions for domain users to NOT be able to write anything at the Staff Folder level but be able to drop files and copy files to and from any "Person" folder.  Users should not be able to delete anything except thier own content from thier own folders.  PLEASE GIVE DETAILED RESPONSE or STEP BY STEP.

I've been stumbling through Sharing permissions, the Security Tab and the Advanced Security Settings too long now trying to nail this.  

0
Comment
Question by:mmurray46
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 9

Accepted Solution

by:
CDCOP earned 375 total points
ID: 12202374
Well depending on how you have your domain setup, and how many users you have, there are a couple of ways to handle this task.

You can Remove the everyone group under secuirity settings and replace with Authenticated users (Make sure you have administrators group in there always so you have access to it). This will make is so only users you have in your domain can access that folder. You may also want to remove certian settings for Authenticated users. The way it sounds, all you need is list files/folder and read so users can only navigate to their own folder and not mess with anyone elses. You will have to remove all users under security tab for each Person folder, then replace with the user that needs access to it and admin of course. You can give them full control since they are the folder owner.

* To remove all users from a folder you may have to take the check out of "Use inheritable..." on the security tab
* If you have a domain then you dont need sharing, because the users already have an account on the domain so you can just setup security settings for them.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 12202685
CDCOP has the correct answer here...  But just to make it more clear, look at this:

Step 1:

   Staff Folder (Shared) (Share access = Authenticated Users = Change ;  NFTS= Authenticated users need List Files/Folders for this and all subdirectories.
      Person1
      Person2
      Person3
     
This gives everyone the ability to "WALK" down the directory structure.  But none of them can get into any of the sub folders.


(By the way, you might want to chang Authenticated users group to a group that is more specific...one that contians just the users that need access)

Step 2:

Give NTFS access to the appropriate users at the subfolder level:

   
      Person1  (give Change Rights here and subfolders for the group that needs full access to this dir)
      Person2  (give Change Rights here and subfolders for the group that needs full access to this dir)
      Person3  (give Change Rights here and subfolders for the group that needs full access to this dir)

Hope this helps

Joe Poandl MCSE

     
0
 

Author Comment

by:mmurray46
ID: 12202698
Thanks.  You state: "it sounds, all you need is list files/folder and read so users can only navigate to their own folder and not mess with anyone elses".  However, one of my conditions is that the users must be able to drop files into and copy files from any other "Person" folder.  I just don;t want them to be able to delete anyone else's stuff.  

You did confirm my suspicion, however, that I will be looking at making a trip to 60 people's security tabs...
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:mmurray46
ID: 12202709
That last comment was for CD COP...
0
 

Author Comment

by:mmurray46
ID: 12202876
OK Joe - Do I have this right?

1) Share permissions for Staff Folder = Domain Users (Change and READ)

2) Security Tab for Domain Users (Which I suspect is the same as NTFS) = (UNDER ADVANCED -> for Domain Users -> List Folder/Read Data -> This Folder and Subfolders.  Thats it.

3) On Individual Security Tab for "Person" folders: Under ADVANCED - Domain Users get change permissions only for This Folder and subfolders.  That's it.

*Admin is given full for all directories.

Is this correct?
0
 
LVL 9

Expert Comment

by:CDCOP
ID: 12204541
Sorry...im back...you can just give them read access to other users folders. The settings are just as they appear. If you give a user read access to a folder that user can read that folder, and that is all. If you would like them to write to a folder, give them write access.
0
 

Author Comment

by:mmurray46
ID: 12204989
Well thanks - I was hoping for a close look at my last with a verification because if I got the instructions right, they're not right because right now, nobody can write to any folders.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question