Solved

Permissions Questions

Posted on 2004-10-01
7
182 Views
Last Modified: 2010-04-19
Thanks.  Windows 2003 Server (Mac File Sharing is On) Here's the scenario:

Volume D:
   Staff Folder (Shared)
      Person1
      Person2
      Person3
      Etc.

How do I set permissions for domain users to NOT be able to write anything at the Staff Folder level but be able to drop files and copy files to and from any "Person" folder.  Users should not be able to delete anything except thier own content from thier own folders.  PLEASE GIVE DETAILED RESPONSE or STEP BY STEP.

I've been stumbling through Sharing permissions, the Security Tab and the Advanced Security Settings too long now trying to nail this.  

0
Comment
Question by:mmurray46
  • 4
  • 2
7 Comments
 
LVL 9

Accepted Solution

by:
CDCOP earned 125 total points
ID: 12202374
Well depending on how you have your domain setup, and how many users you have, there are a couple of ways to handle this task.

You can Remove the everyone group under secuirity settings and replace with Authenticated users (Make sure you have administrators group in there always so you have access to it). This will make is so only users you have in your domain can access that folder. You may also want to remove certian settings for Authenticated users. The way it sounds, all you need is list files/folder and read so users can only navigate to their own folder and not mess with anyone elses. You will have to remove all users under security tab for each Person folder, then replace with the user that needs access to it and admin of course. You can give them full control since they are the folder owner.

* To remove all users from a folder you may have to take the check out of "Use inheritable..." on the security tab
* If you have a domain then you dont need sharing, because the users already have an account on the domain so you can just setup security settings for them.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 12202685
CDCOP has the correct answer here...  But just to make it more clear, look at this:

Step 1:

   Staff Folder (Shared) (Share access = Authenticated Users = Change ;  NFTS= Authenticated users need List Files/Folders for this and all subdirectories.
      Person1
      Person2
      Person3
     
This gives everyone the ability to "WALK" down the directory structure.  But none of them can get into any of the sub folders.


(By the way, you might want to chang Authenticated users group to a group that is more specific...one that contians just the users that need access)

Step 2:

Give NTFS access to the appropriate users at the subfolder level:

   
      Person1  (give Change Rights here and subfolders for the group that needs full access to this dir)
      Person2  (give Change Rights here and subfolders for the group that needs full access to this dir)
      Person3  (give Change Rights here and subfolders for the group that needs full access to this dir)

Hope this helps

Joe Poandl MCSE

     
0
 

Author Comment

by:mmurray46
ID: 12202698
Thanks.  You state: "it sounds, all you need is list files/folder and read so users can only navigate to their own folder and not mess with anyone elses".  However, one of my conditions is that the users must be able to drop files into and copy files from any other "Person" folder.  I just don;t want them to be able to delete anyone else's stuff.  

You did confirm my suspicion, however, that I will be looking at making a trip to 60 people's security tabs...
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:mmurray46
ID: 12202709
That last comment was for CD COP...
0
 

Author Comment

by:mmurray46
ID: 12202876
OK Joe - Do I have this right?

1) Share permissions for Staff Folder = Domain Users (Change and READ)

2) Security Tab for Domain Users (Which I suspect is the same as NTFS) = (UNDER ADVANCED -> for Domain Users -> List Folder/Read Data -> This Folder and Subfolders.  Thats it.

3) On Individual Security Tab for "Person" folders: Under ADVANCED - Domain Users get change permissions only for This Folder and subfolders.  That's it.

*Admin is given full for all directories.

Is this correct?
0
 
LVL 9

Expert Comment

by:CDCOP
ID: 12204541
Sorry...im back...you can just give them read access to other users folders. The settings are just as they appear. If you give a user read access to a folder that user can read that folder, and that is all. If you would like them to write to a folder, give them write access.
0
 

Author Comment

by:mmurray46
ID: 12204989
Well thanks - I was hoping for a close look at my last with a verification because if I got the instructions right, they're not right because right now, nobody can write to any folders.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Learn about cloud computing and its benefits for small business owners.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now