Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Sharing/Security Information for folders and subfolders

Posted on 2004-10-07
2
Medium Priority
?
647 Views
Last Modified: 2013-12-04
I have few questions arised in my mind which are as follows:

(1) I have Windows 2003 Server installed in my Server. My clients are connected with the domain. I have created a shared folder for every users and assigned permission to specific users as read only or Full Access etc. I know we can have subfolder(s) within the shared folder. Can I assign permission to that subfolder different from the shared root folder. How can I do that?
The subfolder should not be shared. The subfolder should inherit the sharing from the root folder.  

Example: If my root shared folder has full access permission for everyone or for a specific user and I want to assign for a specific user No Access or Read only permissions on the subfolder. How can I assign a different permission on the subfolder(s)for specific users?

(2) What is the difference between the Permissions in Sharing Tab and the Security TAB of folder propertise?

(3) I have a file in the shared folder of my domain. It has Read Only permission. When we execute the particular file we cannot make any changes in that file. But we can save the file in our local hard drive.
How can I restrict the file for saving into the local hard disk? The files should be restricted to Read Only.

Awaiting your reply
Regards
Sameer M. Aziz
0
Comment
Question by:smaziz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Expert Comment

by:Clayton555
ID: 12246833
Hi,

1.) On the root share, enable Read Only SHARING permissions for everyone (on the sharing tab).

On the SECURITY tab, give full access permissions for everyone who needs to access the files in the shared folder, and all subfolders.  By default, all permissions on the subfolders are inherited from the parent folder.

To block certain subfolders from inheriting the permissions, right click the subfolder you want to block, select Properties, select Security tab, click Advanced.  At the bottom of that window, there is a tick box which says "Inherit from parent the permissions entries etc ect ect".  Untick this box.  A popup box will appear - click remove.  You now need to specify which users need permissions to this subfolder, as there will now be no permissions, as it wont have been inherited.  Dont forget to add yourself, otherwise you wont be able to get access to that subfolder either.

To summerize you are basically removing the inherited permissions, and giving specific permissions on that subfolder.

2.)  The difference between Sharing tab and Security tab:  If sharing is enabled, it allows that folder to be visible on the network - thats all.  

Full control sharing to everyone means anyone can stop that folder being shared.  Read only sharing to everyone means everyone can see the share, but can't disable the sharing.

Security tab is your permissions to the subfolders and files within the share.  Once you enable sharing, you need to actually set security permissions so people can actually open the share and see the folders and files - not just see it.  By default Everyone has read only security permissions, so on a new share everyone can see the contents.

3.)There is no way you can really stop people saving documents from the network share onto their local machines.  The idea of read only permissions on a network is to stop for example, a template being overwritten.

Its not feasable to prevent documents being saved locally.  As long as the document can be viewed, it can be taken elsewhere - for example a screenshot, someone writing down the information on a piece of paper, it being saved to a floppy disk etc etc

Hope this helps
0
 
LVL 20

Accepted Solution

by:
Debsyl99 earned 2000 total points
ID: 12248022
Hi

(2) What is the difference between the Permissions in Sharing Tab and the Security TAB of folder propertise? - Quite a big difference really. Security permissions relate to NTFS permissions - which can only be used with NTFS file system - ie Windows NT/2000/2003 Servers/XP Pro/2000 Pro, not FAT32 etc. You'll notice that you can do a lot more with NTFS permissions than you can with ordinary share permissions. Even if you set share permissions to everyone, you can restrict access using NTFS Security Permissions.

Useful Articles here - You'll need to sign into the first link to read it all but you can sign up for free
Share versus NTFS Permissions
http://www.cramsession.com/articles/files/share-versus-ntfs-permiss-9162003-1702.asp?
Managing Windows NT Security (Useful to read all 5 pages - see at the bottom of the link page)
http://www.windowsitlibrary.com/Content/226/08/2.html

Regarding Point 3 - Whilst there never used to be a standard Microsoft Way of doing what you wanted things may have changed slightly. You could look into this - Windows Rights Management
Windows Rights Management Services
http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx
Rights Management Add-on for Internet Explorer
http://www.microsoft.com/windows/ie/downloads/addon/default.mspx

I've just started looking at it as a means of making various documents available for users to read and print without them being able to copy them. It appears to be able to do the job, so long as the files are produced with rights management enabled software (a potential snag). However you can create rights managed documents with Office 2003 Pro, and there's a software development kit. Definitely worth a look if you're starting off a new network,

Deb :))
0

Featured Post

Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question