doddwell
asked on
Windows 2003 Server Permissions
Hello
I have just set up a Win 2003 File Server and I'm trying to set the permissions.
I have this folder structure:
CompanySharedFolder
-----DepartmentA
----------User1
----------User2
----------DepartmentAShare
-----DepartmentB
----------User3
----------User4
----------DepartmentBShare
I want to give each user read/write access to their user folder AND to their department share folder
I have created a global security group for each department (DeptA and DeptB) and added the relevant users to the security groups.
I have applied the security as follows:
For DepartmentA:
DeptA gets full control of DepartmentA
User1 gets full control of User1 folder
User2 gets full control of User2 folder
For DepartmentB:
DeptB gets full control of DepartmentB
User4 gets full control of User3 folder
User4 gets full control of User4 folder
I can't seem to give the users write access to their folders or the shared departmental folder. But they do get read-only access.
Can anyone help? Thanks, Simon
Oh...and personally, I NEVER EVER give Full Control to anybody outside of Domain Admins/local administrators on the server. It's just not needed. Modify rights give the users the abilities they need. Giving them Full Control of a directory allows them to change the permissions on the files/folders in that directory, essentially granting/denying access as they see fit.
ASKER
How do I set the Share Permissions to Read/Write for everyone?...and do I do it just at top level or do I have to do it at every folder?
You do it at the share level. Easiest way is to right click my computer, manage, then go to Shares, right click the share, properties, share permissions.
I think what TheCleaner means to share is he sets those permissions on NTFS, which I 100% agree with. There are only 3 share-level permissions: FC, Change and Read. If you give domain users FC on the share they will still be restricted to what you have on the NTFS permissions.
Brian
Brian,
Actually here's what I do:
Share level
- Domain admins - Full Control
- Everyone - Change and Read
NTFS level
- Domain admins - Full Control
- anyone else that needs access (domain users, groups, etc.) gets Modify rights AT THE MOST
I don't give Full Control at the share level to ordinary users because I don't want them using some utility to change the share permissions (not that I've ever seen this done...but I'm anal)
and I don't give Full Control to anyone except administrators at the NTFS level because I don't want them changing the permissions/security in the folders/files.
:)
I see. When you said read/write above on the share, you meant Change. Yep, nothing wrong with that philosophy.
Brian
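The interaction between share-level and NTFS permissions discussed in this thread can be modelled in a few lines. This is an added example, not code from any poster: it is a simplified model (Allow entries only, no Deny ACEs, coarse rights instead of real access masks), the group memberships and the `Admin1` account are constructed, and the `Everyone: Read` share ACL is an assumption that matches the read-only symptom in the question rather than something the thread states.

```python
from enum import Flag

class Right(Flag):
    READ = 1
    WRITE = 2
    DELETE = 4
    CHANGE_PERMS = 8   # ability to edit the ACL itself

# Simplified permission levels (real NTFS access masks are more granular).
READ = Right.READ
CHANGE = Right.READ | Right.WRITE | Right.DELETE   # share "Change" / NTFS "Modify"
FULL = CHANGE | Right.CHANGE_PERMS                 # "Full Control"

# Constructed sample memberships based on the question's layout.
GROUPS = {"User1": {"Everyone", "DeptA"},
          "Admin1": {"Everyone", "Domain Admins"}}

def granted(acl, user):
    """Union of the Allow entries matching the user or any of their groups."""
    principals = GROUPS.get(user, {"Everyone"}) | {user}
    rights = Right(0)
    for principal, level in acl.items():
        if principal in principals:
            rights |= level
    return rights

def effective(share_acl, ntfs_acl, user):
    """Over the network, a user gets only what BOTH layers allow."""
    return granted(share_acl, user) & granted(ntfs_acl, user)

# NTFS ACL on DepartmentA\User1 as the asker describes it (DeptA entry inherited).
ntfs_asker = {"DeptA": FULL, "User1": FULL}
# NTFS ACL following the thread's advice: Modify at most for non-admins.
ntfs_modify = {"Domain Admins": FULL, "DeptA": CHANGE, "User1": CHANGE}

share_read_only = {"Everyone": READ}                         # assumed share ACL
share_thread = {"Domain Admins": FULL, "Everyone": CHANGE}   # share ACL from the thread

if __name__ == "__main__":
    cases = [("share Read   + NTFS Full Control", share_read_only, ntfs_asker),
             ("share Change + NTFS Full Control", share_thread, ntfs_asker),
             ("share Change + NTFS Modify", share_thread, ntfs_modify)]
    for label, share, ntfs in cases:
        print(f"{label:34} User1 -> {effective(share, ntfs, 'User1')!r}")
    print("Admin1 ->", repr(effective(share_thread, ntfs_modify, "Admin1")))
```

The first case reproduces the question's symptom: Full Control on NTFS still yields read-only access when the share layer allows only Read. The last two cases give `User1` the same network access, but only the Modify layout also stops the user from editing the ACL when working on the server itself.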