Link to home
Create AccountLog in
Avatar of doddwell
doddwellFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Windows 2003 Server Permissions

Hello
I have just set up a Win 2003 File Server and I'm trying to set the permissions.
I have this folder structure:

CompanySharedFolder
-----DepartmentA
----------User1
----------User2
----------DepartmentAShare
-----DepartmentB
----------User3
----------User4
----------DepartmentBShare

I want to give each user read/write access to their user folder AND to their department share folder

I have created a global security group for each department (DeptA and DeptB) and added the relevant users to the security groups.

I have applied the security as follows:
For DepartmentA:
DeptA gets full control of DepartmentA
User1 gets full control of User1 folder
User2 gets full control of User2 folder

For DepartmentB:
DeptB gets full control of DepartmentB
User4 gets full control of User3 folder
User4 gets full control of User4 folder

I can't get seem to give the users write access to their folders or the shared departmental folder.  But they do get read only access.

Can anyone help?  Thanks, Simon
ASKER CERTIFIED SOLUTION
Avatar of Brian
Brian
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Oh...and personally, I NEVER EVER give Full Control to anybody outside of Domain Admins/local administrators on the server.  It's just not needed.  Modify rights give the users the abilities they need.  Giving them Full Control of a directory allows them to change the permissions on the files/folders in that directory, essentially granting/denying access as they see fit.
Avatar of doddwell

ASKER

How do I set the Share Permissions to Read/Write for everyone?...and do I do it just at top level or do I have to do it at every folder?
You do it at the share level.  Easiest way is to right click my computer, manage, then go to Shares,  right click the share, properties, share permissions.
I think what TheCleaner means to share is he sets those permissions on NTFS which I 100% agree with.  There are only 3 share level permission, FC, Change and Read.  If you give domain users FC on the Share they will still be restricted to what you have on the NTFS permissions.

Brian
Brian,

Actually here's what I do:

Share level

  - Domain admins - Full Control

  - Everyone - Change and Read


NTFS level

  - Domain admins - Full Control

  - anyone else that needs access (domain users, groups, etc.) gets Modify rights AT THE MOST



I don't give Full Control at the share level to ordinary users because I don't want them using some utility to change the share permissions (not that I've ever seen this done...but I'm anal)

and I don't give Full Control to anyone expect administrators at the NTFS level because I don't want them changing the permissions/security in the folders/files.


:)
I see, You said you read/write above on the Share you meant change.  Yep nothing wrong with that philosphy.

Brian