Solved

Sharing/Security Information for folders and subfolders

Posted on 2004-10-07
2
638 Views
Last Modified: 2013-12-04
I have few questions arised in my mind which are as follows:

(1) I have Windows 2003 Server installed in my Server. My clients are connected with the domain. I have created a shared folder for every users and assigned permission to specific users as read only or Full Access etc. I know we can have subfolder(s) within the shared folder. Can I assign permission to that subfolder different from the shared root folder. How can I do that?
The subfolder should not be shared. The subfolder should inherit the sharing from the root folder.  

Example: If my root shared folder has full access permission for everyone or for a specific user and I want to assign for a specific user No Access or Read only permissions on the subfolder. How can I assign a different permission on the subfolder(s)for specific users?

(2) What is the difference between the Permissions in Sharing Tab and the Security TAB of folder propertise?

(3) I have a file in the shared folder of my domain. It has Read Only permission. When we execute the particular file we cannot make any changes in that file. But we can save the file in our local hard drive.
How can I restrict the file for saving into the local hard disk? The files should be restricted to Read Only.

Awaiting your reply
Regards
Sameer M. Aziz
0
Comment
Question by:smaziz
2 Comments
 

Expert Comment

by:Clayton555
ID: 12246833
Hi,

1.) On the root share, enable Read Only SHARING permissions for everyone (on the sharing tab).

On the SECURITY tab, give full access permissions for everyone who needs to access the files in the shared folder, and all subfolders.  By default, all permissions on the subfolders are inherited from the parent folder.

To block certain subfolders from inheriting the permissions, right click the subfolder you want to block, select Properties, select Security tab, click Advanced.  At the bottom of that window, there is a tick box which says "Inherit from parent the permissions entries etc ect ect".  Untick this box.  A popup box will appear - click remove.  You now need to specify which users need permissions to this subfolder, as there will now be no permissions, as it wont have been inherited.  Dont forget to add yourself, otherwise you wont be able to get access to that subfolder either.

To summerize you are basically removing the inherited permissions, and giving specific permissions on that subfolder.

2.)  The difference between Sharing tab and Security tab:  If sharing is enabled, it allows that folder to be visible on the network - thats all.  

Full control sharing to everyone means anyone can stop that folder being shared.  Read only sharing to everyone means everyone can see the share, but can't disable the sharing.

Security tab is your permissions to the subfolders and files within the share.  Once you enable sharing, you need to actually set security permissions so people can actually open the share and see the folders and files - not just see it.  By default Everyone has read only security permissions, so on a new share everyone can see the contents.

3.)There is no way you can really stop people saving documents from the network share onto their local machines.  The idea of read only permissions on a network is to stop for example, a template being overwritten.

Its not feasable to prevent documents being saved locally.  As long as the document can be viewed, it can be taken elsewhere - for example a screenshot, someone writing down the information on a piece of paper, it being saved to a floppy disk etc etc

Hope this helps
0
 
LVL 20

Accepted Solution

by:
Debsyl99 earned 500 total points
ID: 12248022
Hi

(2) What is the difference between the Permissions in Sharing Tab and the Security TAB of folder propertise? - Quite a big difference really. Security permissions relate to NTFS permissions - which can only be used with NTFS file system - ie Windows NT/2000/2003 Servers/XP Pro/2000 Pro, not FAT32 etc. You'll notice that you can do a lot more with NTFS permissions than you can with ordinary share permissions. Even if you set share permissions to everyone, you can restrict access using NTFS Security Permissions.

Useful Articles here - You'll need to sign into the first link to read it all but you can sign up for free
Share versus NTFS Permissions
http://www.cramsession.com/articles/files/share-versus-ntfs-permiss-9162003-1702.asp?
Managing Windows NT Security (Useful to read all 5 pages - see at the bottom of the link page)
http://www.windowsitlibrary.com/Content/226/08/2.html

Regarding Point 3 - Whilst there never used to be a standard Microsoft Way of doing what you wanted things may have changed slightly. You could look into this - Windows Rights Management
Windows Rights Management Services
http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx
Rights Management Add-on for Internet Explorer
http://www.microsoft.com/windows/ie/downloads/addon/default.mspx

I've just started looking at it as a means of making various documents available for users to read and print without them being able to copy them. It appears to be able to do the job, so long as the files are produced with rights management enabled software (a potential snag). However you can create rights managed documents with Office 2003 Pro, and there's a software development kit. Definitely worth a look if you're starting off a new network,

Deb :))
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This is a video that shows how the OnPage alerts system integrates into ConnectWise, how a trigger is set, how a page is sent via the trigger, and how the SENT, DELIVERED, READ & REPLIED receipts get entered into the internal tab of the ConnectWise …

937 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

1 Experts available now in Live!

Get 1:1 Help Now