• Status: Solved

Permissions

I have a shared folder on our DC that is called Common. This folder is where everyone puts their files and folders that they want to share with everyone else. Within this Common folder I have a folder called (Example) that has files and other folders inside it. I only want 5 people to have full access to the (Example) folder and files and then the rest of the users to have read only and list contents. How can I go about doing this? I have found a way but I know it's not the correct way. I am having to go through every file and folder and take ownership and then add the people and set their permissions. I don't think this is the correct way though. It takes way too long.

Thanks for the help.
Asked:
hcl1
4 Solutions
 
Lee W, MVP, Technology and Business Process Advisor Commented:
When setting permissions, you should NOT be assigning permissions to individuals.  Create groups and then assign people to groups and groups (via permissions) to folders.

So:
Create an appropriately named group that needs access to the Example folder - we'll call the group "Sample Group"

Share "Common" - Share permissions should be EVERYONE:Full Control
                            - NTFS permissions should be EVERYONE:Full Control
Sub folder of Common, "Example" - NTFS permissions should disable inheritance and then set Everyone:Read Only, then set Sample Group:Full Control.
0
 
dooleydog Commented:
Here it is:

\\server\shared_folder

Give the group everyone or domain users (better than everyone) to have read to this folder
Create a group with the appropriate users who need Full Control and give this group FC to this resource.

You can also change or do similar things to this for subfolders.

Good Luck,
0
 
hcl1 (Author) Commented:
OK, I made the (Sample group) and added the 5 people to it. Then I went back to the Common folder; the Share permissions were already Full Control, and for the NTFS permissions I had to add Everyone and put Full Control for them.

Then I went inside the Common folder to the Example folder, right-clicked on it and removed everybody from it. Then I added the group that I made and I added "EVERYONE" with "Read & List Folder Contents". After that I went inside the Example folder and started checking the files and folders, but the permissions did not drill down to them. How do I do that? Do I have to add them to each file and folder within the Example folder?

Thanks again
0
 
hcl1 (Author) Commented:
I guess it did apply to all files and folders but did not take away all the other users I had put in before. Also I had put "Read & List Folder Contents" for EVERYONE, but when I drill down to the files and folders EVERYONE just has "Read". Why did it take the List Contents away?

Confusing stuff

Thanks
0
 
hcl1 (Author) Commented:
Some of the files also say, when I right-click on them and go to Properties, that I do not have permission to view or edit this file but can take ownership of it. Why would it do that? I am on the DC as Admin.
0
 
Lee W, MVP, Technology and Business Process Advisor Commented:
You're overthinking this.  Just set permissions to READ ONLY - forget List Contents.  Read Only covers that.

When you change/set the permissions on the Example folder, you also need to make sure the new permissions apply to all child objects.
0
 
hcl1 (Author) Commented:
So I need to check the box that says "Replace permissions entries on all child objects with entries shown here that apply to child objects"?

I always Overthink things :)

thanks
0
 
Lee W, MVP, Technology and Business Process Advisor Commented:
Yes, from the Example folder.
0
 
Lee W, MVP, Technology and Business Process Advisor Commented:
By the way, for administration and management purposes, I recommend this:

ALWAYS grant Domain Admins and the "System" account FULL CONTROL over all files/folders/disks.  You have to trust your admins - if you don't they shouldn't be your admins.  The system account can sometimes be used by programs such as backup and antivirus software, so that needs access.

After that, with RARE exception, do NOT assign permissions to users.  It gets very messy and difficult to manage - especially over time as people leave and new people are added.  By doing everything with groups, you can more easily manage who gets access to what when.  Also, there is no need to alter/add/remove people from the NTFS permissions which, you may have noticed by now, in large folders can take some seconds or even minutes or longer to complete.
0
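Lee W's recommendations in this thread, scripted in PowerShell as an added example (not code posted by any participant). The path `D:\Common\Example` and the domain name `CONTOSO` are placeholder assumptions; "Sample Group" is the group name used earlier in the thread.

```powershell
# Run elevated on the file server. Placeholder values (assumptions, not from the thread):
$Path   = 'D:\Common\Example'        # hypothetical local path behind the Common share
$Domain = 'CONTOSO'                  # placeholder domain name
$Group  = "$Domain\Sample Group"     # group holding the 5 users who need full access

# Entries apply to this folder, its subfolders and its files.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$none    = [System.Security.AccessControl.PropagationFlags]::None
function New-AllowRule([string]$Identity, [string]$Rights) {
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $Rights, $inherit, $none, 'Allow')
}

# If some files refuse access even to administrators (as described above),
# take ownership for the Administrators group first:
#   takeown /F $Path /R /A /D Y

$acl = Get-Acl -LiteralPath $Path
$acl.SetAccessRuleProtection($true, $false)   # disable inheritance, drop inherited entries
# Remove leftover explicit entries, e.g. users that were added one by one.
foreach ($ace in @($acl.Access)) { [void]$acl.RemoveAccessRule($ace) }

# Groups only, no individual users.
$acl.AddAccessRule((New-AllowRule 'Everyone' 'Read'))
$acl.AddAccessRule((New-AllowRule $Group 'FullControl'))
$acl.AddAccessRule((New-AllowRule "$Domain\Domain Admins" 'FullControl'))
$acl.AddAccessRule((New-AllowRule 'NT AUTHORITY\SYSTEM' 'FullControl'))
Set-Acl -LiteralPath $Path -AclObject $acl

# Same effect as ticking "Replace ... permission entries on all child objects":
# every child keeps only what it inherits from the Example folder.
icacls "$Path\*" /reset /T /C /Q

# Check: list any child that still carries an explicit (non-inherited) entry.
Get-ChildItem -LiteralPath $Path -Recurse -Force | Where-Object {
    (Get-Acl -LiteralPath $_.FullName).Access | Where-Object { -not $_.IsInherited }
} | Select-Object -ExpandProperty FullName
```

An empty result from the last command means no child object has its own entries left, so later access changes are made by editing group membership only.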
 
hcl1 (Author) Commented:
I finally got it and I understand now also. Thanks a bunch for the help and advice. I am going to start making groups now.

Thanks
0
 
Lee W, MVP, Technology and Business Process Advisor Commented:
EXCEPTION - Assign users directly with permissions to their own home folders.  Other than that, everything else with RARE, RARE exception should be done with groups.
0
 
hcl1 (Author) Commented:
Yeah, everybody's "Home" folder is "My Documents" and then I have GP set up for the folder redirection. Only they can get into their home folder.
0
