Solved

Permissions Questions

Posted on 2004-10-01
7
185 Views
Last Modified: 2010-04-19
Thanks.  Windows 2003 Server (Mac File Sharing is On) Here's the scenario:

Volume D:
   Staff Folder (Shared)
      Person1
      Person2
      Person3
      Etc.

How do I set permissions for domain users to NOT be able to write anything at the Staff Folder level but be able to drop files and copy files to and from any "Person" folder.  Users should not be able to delete anything except thier own content from thier own folders.  PLEASE GIVE DETAILED RESPONSE or STEP BY STEP.

I've been stumbling through Sharing permissions, the Security Tab and the Advanced Security Settings too long now trying to nail this.  

0
Comment
Question by:mmurray46
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 9

Accepted Solution

by:
CDCOP earned 125 total points
ID: 12202374
Well depending on how you have your domain setup, and how many users you have, there are a couple of ways to handle this task.

You can Remove the everyone group under secuirity settings and replace with Authenticated users (Make sure you have administrators group in there always so you have access to it). This will make is so only users you have in your domain can access that folder. You may also want to remove certian settings for Authenticated users. The way it sounds, all you need is list files/folder and read so users can only navigate to their own folder and not mess with anyone elses. You will have to remove all users under security tab for each Person folder, then replace with the user that needs access to it and admin of course. You can give them full control since they are the folder owner.

* To remove all users from a folder you may have to take the check out of "Use inheritable..." on the security tab
* If you have a domain then you dont need sharing, because the users already have an account on the domain so you can just setup security settings for them.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 12202685
CDCOP has the correct answer here...  But just to make it more clear, look at this:

Step 1:

   Staff Folder (Shared) (Share access = Authenticated Users = Change ;  NFTS= Authenticated users need List Files/Folders for this and all subdirectories.
      Person1
      Person2
      Person3
     
This gives everyone the ability to "WALK" down the directory structure.  But none of them can get into any of the sub folders.


(By the way, you might want to chang Authenticated users group to a group that is more specific...one that contians just the users that need access)

Step 2:

Give NTFS access to the appropriate users at the subfolder level:

   
      Person1  (give Change Rights here and subfolders for the group that needs full access to this dir)
      Person2  (give Change Rights here and subfolders for the group that needs full access to this dir)
      Person3  (give Change Rights here and subfolders for the group that needs full access to this dir)

Hope this helps

Joe Poandl MCSE

     
0
 

Author Comment

by:mmurray46
ID: 12202698
Thanks.  You state: "it sounds, all you need is list files/folder and read so users can only navigate to their own folder and not mess with anyone elses".  However, one of my conditions is that the users must be able to drop files into and copy files from any other "Person" folder.  I just don;t want them to be able to delete anyone else's stuff.  

You did confirm my suspicion, however, that I will be looking at making a trip to 60 people's security tabs...
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:mmurray46
ID: 12202709
That last comment was for CD COP...
0
 

Author Comment

by:mmurray46
ID: 12202876
OK Joe - Do I have this right?

1) Share permissions for Staff Folder = Domain Users (Change and READ)

2) Security Tab for Domain Users (Which I suspect is the same as NTFS) = (UNDER ADVANCED -> for Domain Users -> List Folder/Read Data -> This Folder and Subfolders.  Thats it.

3) On Individual Security Tab for "Person" folders: Under ADVANCED - Domain Users get change permissions only for This Folder and subfolders.  That's it.

*Admin is given full for all directories.

Is this correct?
0
 
LVL 9

Expert Comment

by:CDCOP
ID: 12204541
Sorry...im back...you can just give them read access to other users folders. The settings are just as they appear. If you give a user read access to a folder that user can read that folder, and that is all. If you would like them to write to a folder, give them write access.
0
 

Author Comment

by:mmurray46
ID: 12204989
Well thanks - I was hoping for a close look at my last with a verification because if I got the instructions right, they're not right because right now, nobody can write to any folders.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question