Solved

Sharing/Security Information for folders and subfolders

Posted on 2004-10-07
2
645 Views
Last Modified: 2013-12-04
I have few questions arised in my mind which are as follows:

(1) I have Windows 2003 Server installed in my Server. My clients are connected with the domain. I have created a shared folder for every users and assigned permission to specific users as read only or Full Access etc. I know we can have subfolder(s) within the shared folder. Can I assign permission to that subfolder different from the shared root folder. How can I do that?
The subfolder should not be shared. The subfolder should inherit the sharing from the root folder.  

Example: If my root shared folder has full access permission for everyone or for a specific user and I want to assign for a specific user No Access or Read only permissions on the subfolder. How can I assign a different permission on the subfolder(s)for specific users?

(2) What is the difference between the Permissions in Sharing Tab and the Security TAB of folder propertise?

(3) I have a file in the shared folder of my domain. It has Read Only permission. When we execute the particular file we cannot make any changes in that file. But we can save the file in our local hard drive.
How can I restrict the file for saving into the local hard disk? The files should be restricted to Read Only.

Awaiting your reply
Regards
Sameer M. Aziz
0
Comment
Question by:smaziz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Expert Comment

by:Clayton555
ID: 12246833
Hi,

1.) On the root share, enable Read Only SHARING permissions for everyone (on the sharing tab).

On the SECURITY tab, give full access permissions for everyone who needs to access the files in the shared folder, and all subfolders.  By default, all permissions on the subfolders are inherited from the parent folder.

To block certain subfolders from inheriting the permissions, right click the subfolder you want to block, select Properties, select Security tab, click Advanced.  At the bottom of that window, there is a tick box which says "Inherit from parent the permissions entries etc ect ect".  Untick this box.  A popup box will appear - click remove.  You now need to specify which users need permissions to this subfolder, as there will now be no permissions, as it wont have been inherited.  Dont forget to add yourself, otherwise you wont be able to get access to that subfolder either.

To summerize you are basically removing the inherited permissions, and giving specific permissions on that subfolder.

2.)  The difference between Sharing tab and Security tab:  If sharing is enabled, it allows that folder to be visible on the network - thats all.  

Full control sharing to everyone means anyone can stop that folder being shared.  Read only sharing to everyone means everyone can see the share, but can't disable the sharing.

Security tab is your permissions to the subfolders and files within the share.  Once you enable sharing, you need to actually set security permissions so people can actually open the share and see the folders and files - not just see it.  By default Everyone has read only security permissions, so on a new share everyone can see the contents.

3.)There is no way you can really stop people saving documents from the network share onto their local machines.  The idea of read only permissions on a network is to stop for example, a template being overwritten.

Its not feasable to prevent documents being saved locally.  As long as the document can be viewed, it can be taken elsewhere - for example a screenshot, someone writing down the information on a piece of paper, it being saved to a floppy disk etc etc

Hope this helps
0
 
LVL 20

Accepted Solution

by:
Debsyl99 earned 500 total points
ID: 12248022
Hi

(2) What is the difference between the Permissions in Sharing Tab and the Security TAB of folder propertise? - Quite a big difference really. Security permissions relate to NTFS permissions - which can only be used with NTFS file system - ie Windows NT/2000/2003 Servers/XP Pro/2000 Pro, not FAT32 etc. You'll notice that you can do a lot more with NTFS permissions than you can with ordinary share permissions. Even if you set share permissions to everyone, you can restrict access using NTFS Security Permissions.

Useful Articles here - You'll need to sign into the first link to read it all but you can sign up for free
Share versus NTFS Permissions
http://www.cramsession.com/articles/files/share-versus-ntfs-permiss-9162003-1702.asp?
Managing Windows NT Security (Useful to read all 5 pages - see at the bottom of the link page)
http://www.windowsitlibrary.com/Content/226/08/2.html

Regarding Point 3 - Whilst there never used to be a standard Microsoft Way of doing what you wanted things may have changed slightly. You could look into this - Windows Rights Management
Windows Rights Management Services
http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx
Rights Management Add-on for Internet Explorer
http://www.microsoft.com/windows/ie/downloads/addon/default.mspx

I've just started looking at it as a means of making various documents available for users to read and print without them being able to copy them. It appears to be able to do the job, so long as the files are produced with rights management enabled software (a potential snag). However you can create rights managed documents with Office 2003 Pro, and there's a software development kit. Definitely worth a look if you're starting off a new network,

Deb :))
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
OfficeMate Freezes on login or does not load after login credentials are input.
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question