Solved

domain shared folder access restrictions

Posted on 2004-11-09
Medium Priority
Last Modified: 2010-04-11
Hello, I hope someone can help me sort out this situation.

We have a shared folder, let's call it "Folder1". Folder1 needs to be accessible from 5 different users on the domain and no one else.

Now here's where the problem comes in: when I add the users into sharing permissions, give them full access, and then try to access the folder from each of those accounts, I can't view the share any longer.
When I enable full access to group "Everyone" then the users and the rest of the network have access to the folder, which is bad. I even tried creating a group with all 5 users added into it to see if just adding the group to the share access would work, but that didn't work either.

Thanks,
Matt.
0
Question by:dosle
9 Comments
 
LVL 88

Expert Comment

by:rindi
ID: 12542674
Did you just give the users access via the sharing option? If not, you will also have to adjust the properties of the folder itself via Security. The allowed user group must also be allowed the correct access in Security. Also make sure those users are members of that group, but I guess you have done that. Don't forget to remove the "Everyone" group from that folder. If you have restricted the access for "Everyone", that will have precedence over the other users and groups entered in that folder, as every user is a member of the "Everyone" group. Also remove other groups from the folder which shouldn't be allowed access. If those users who should be allowed access are members of a further group which isn't allowed access, it is always the restrictive group which takes precedence.
0
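The two permission layers described in the comment above (share permissions and folder Security), set for one group only and then audited. This is an added example, not code from the thread; the path, the group name `CORP\Folder1-Users` and the NTFS right chosen are assumptions, and the `SmbShare` cmdlets need Windows 8 / Server 2012 or later.

```powershell
# Added example. Assumed names: share Folder1 at D:\Shares\Folder1 and a
# domain group CORP\Folder1-Users holding the five allowed accounts.
# Run elevated on the file server.
$ShareName = 'Folder1'
$Path      = 'D:\Shares\Folder1'
$Group     = 'CORP\Folder1-Users'
$Admins    = 'BUILTIN\Administrators'
$Keep      = $Group, $Admins

# --- Layer 1: share permissions ---------------------------------------
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $Path -FullAccess $Keep | Out-Null
}
# Remove every share entry that is not an intended principal (e.g. Everyone).
foreach ($ace in Get-SmbShareAccess -Name $ShareName) {
    if ($ace.AccountName -in $Keep) { continue }
    if ($ace.AccessControlType -eq 'Deny') {
        Unblock-SmbShareAccess -Name $ShareName -AccountName $ace.AccountName -Force | Out-Null
    } else {
        Revoke-SmbShareAccess -Name $ShareName -AccountName $ace.AccountName -Force | Out-Null
    }
}
Grant-SmbShareAccess -Name $ShareName -AccountName $Group -AccessRight Full -Force | Out-Null

# --- Layer 2: NTFS (Security tab) permissions -------------------------
$acl = Get-Acl -Path $Path
$acl.SetAccessRuleProtection($true, $false)      # stop inheriting from the parent
foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    [void]$acl.RemoveAccessRuleSpecific($rule)   # drop old explicit entries
}
$grants = @(
    @($Group, 'Modify'),                         # assumed right for the users
    @($Admins, 'FullControl'),
    @('NT AUTHORITY\SYSTEM', 'FullControl')
)
foreach ($g in $grants) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $g[0], $g[1], 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $Path -AclObject $acl

# --- Audit: broad principals left on either layer ---------------------
$broad = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'
Get-SmbShareAccess -Name $ShareName | Where-Object { $_.AccountName -in $broad }
(Get-Acl -Path $Path).Access | Where-Object { $_.IdentityReference.Value -in $broad }
```

Both audit commands should print nothing; any row they return is a broad group that still has an entry on that layer.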
 
LVL 1

Author Comment

by:dosle
ID: 12545281
I just removed the "Everyone" group in both sharing and file security, so now it's just my user trying to access the share, all privileges, with no success.
0
 
LVL 1

Author Comment

by:dosle
ID: 12545507
I think I just partially figured out the problem: when all our computers were set up, some of them log onto the domain and some are local. I tested it by logging off the local account, which is what I was testing on all this time, then logging onto the domain, and I was able to access the share just fine.

Now, is there a way for those computers that log on locally to get access?
0
 
LVL 1

Expert Comment

by:ajschw
ID: 12551924
Local accounts won't have permissions on the domain... if the shared folder is on the server, then no, at least not to my knowledge. When you set security permissions on the domain, you can't set it to a local computer account. What is stopping you from putting the local account on the domain though?
0
 
LVL 1

Expert Comment

by:ajschw
ID: 12551942
Here is the exception: if you create an account on the server that is the same exact user name and password as the local account, even if they don't use the domain account and still use their local account, Windows cannot tell the difference... I just tried it here. So basically, let's say user bob has a local account, and you want him to have access to a shared folder on the domain: create an account in Active Directory for him and tell him to set the password that is the same as his local account... But that depends again on why bob wouldn't have a domain account to begin with...
Hope this helps,
Adam
0
 
LVL 1

Author Comment

by:dosle
ID: 12559131
So my only option is to have the users log onto the domain. When they log onto the domain, though, it's nothing like their local account, which they are accustomed to using. This is why I am staying away from moving everyone (70 users) over to domain logon, unless someone has a method that can help the situation.
0
 
LVL 2

Expert Comment

by:Problem_Solver
ID: 12571759
It sounds like you need to set up roaming profiles. It depends on the client OS how to transfer the local profile to the roaming profile stored on the server, so I can't help more without knowing the versions of the server and client OS. In the longer term, learning about policies and profiles may make your admin time easier.

Steve
0
 
LVL 4

Accepted Solution

by:
poseidoncanuck earned 500 total points
ID: 12713242
Dosle, you imply in your last comment that when the person logs on with their new domain account, their old settings are missing (e.g. Desktop, wallpaper, browser Favorites, email, etc.)?  If this is the case, there's a simple solution that WILL allow you to migrate everyone over to using their domain account, and stop using those silly local accounts :)
http://support.microsoft.com/kb/314045/EN-US

I've done this many times before, and it works fine.  When following this KB article, perform the steps under "Grant Full Control Permission for the User Profile Folder" and "Edit the User Profile Registry Key".  Where they say "old user profile", "your restored user profile" or "the profile folder that you are restoring", that's the user's original profile for the local user account; where they say "your user profile folder", that's the user's new profile folder.

You could take one of two approaches:
- grant Full Control permissions for the old profile folder to the domain user account, and point both logons to the same Profile folder, or
- grant Full Control permissions for the old profile directory to the domain user account, remove the local account's permissions to the folder, and change the ProfileImagePath setting for the domain account to point to the old profile folder.

Personally, I'd prefer the latter choice, as it strongly encourages your users to stick with the domain account.  If you gave them the either/or choice, there's a lot less incentive to use the "new" domain account approach.
0
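A sketch of the second approach from the accepted answer (Full Control for the domain account, local account removed, `ProfileImagePath` repointed). This is an added example, not taken from the thread or the KB article; the account names and profile path are assumptions, and the `ProfileList` key shown is the standard per-SID location of `ProfileImagePath`.

```powershell
# Added example. Assumed names: domain account CORP\bob, local account bob,
# old local profile at C:\Documents and Settings\bob. Run elevated while
# neither account is logged on. The domain account must have logged on once
# already so that its ProfileList key exists.
$DomainUser = 'CORP\bob'
$LocalUser  = "$env:COMPUTERNAME\bob"
$OldProfile = 'C:\Documents and Settings\bob'

if (-not (Test-Path -LiteralPath $OldProfile -PathType Container)) {
    throw "Old profile folder not found: $OldProfile"
}

# ProfileList is keyed by SID, so resolve the domain account first.
$account = New-Object System.Security.Principal.NTAccount($DomainUser)
$sid     = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
$key     = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"
if (-not (Test-Path $key)) { throw "No ProfileList entry for $DomainUser ($sid)" }

# Record the current value so the change can be reverted by hand.
$previous = (Get-ItemProperty -Path $key -Name ProfileImagePath).ProfileImagePath
"$sid`t$previous" | Add-Content -Path "$env:SystemRoot\Temp\profile-migration.log"

# 1. Full Control for the domain account on the whole old profile tree.
icacls $OldProfile /grant "${DomainUser}:(OI)(CI)F" /T | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls /grant failed ($LASTEXITCODE)" }

# 2. Remove the local account's entries from the old profile tree.
icacls $OldProfile /remove $LocalUser /T | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls /remove failed ($LASTEXITCODE)" }

# 3. Point the domain account's profile at the old folder.
Set-ItemProperty -Path $key -Name ProfileImagePath -Value $OldProfile -Type ExpandString

# Show the result for the change record.
Get-ItemProperty -Path $key -Name ProfileImagePath |
    Select-Object @{ n = 'Sid'; e = { $sid } }, ProfileImagePath
```

Removing the local account's ACL entries does not change file ownership; if the local account owns the files it can still rewrite their permissions until ownership is reassigned.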
 
LVL 1

Author Comment

by:dosle
ID: 12716382
Thanks for the input. I will be testing this approach on some machines soon :)
0

Question has a verified solution.