salsipius
asked on
Still Having Permission Problems??? Don't Get it.
OK Guys/Gals sorry for the 3rd similar question but myself and the other 3 IT guys here are stumped.
I have had to setup a new server, Win2003, set it up as a Domain Controller, Install active Directory and add some users to my organization.
OK I create a Folder On the C: drive called General, in general I create a folder for my users. Bob.Smith and so on.
When I create general, I leave the permissions as they were by default. But on Bob.Smith I want to make this folder only available to Bob Smith.
I would like Bob to be able to map this folder without creating a share to the folder. To do this I create his folder, go to security, Add Bob smith to the folder, take away inheritable permissions so it doesn't take it's settings from the General folder and click apply. So far so good. My problem is Even though I can see and map the drive, I am denied write access to the secure folder.
My company is grinding to a halt, I need help bad please....................
The share permission is read only by default, change at "Sharing and Security" on general folder.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Echoing the previous responses, permissions need to be set at the share and NTFS levels. For share level permissions, the usual is to set full access for authenticated users. The default Everyone group is not recommended, as unauthenticated users will be able to access the share. For NTFS permission on the General folder, set it to list for authenticated users, full for admins. Then set NTFS permissions accordingly on the users folders.
You don't require share permissions if you arn't sharing the folder. Set the sharing to DO NOT SHARE.. the permissions button should be greyed out.
On the Security tab, untick AAllow inheritable permissions...
Remove any unnecessary users (if any) - Do not give the EVERYONE group permisisons.
Add the AD user and tick FULL CONTROL
Click the ADVANCED button, click the OWNER tab, tick REPLACE owner with the AD user listed.
Click OK.
Use the Home Directory field in the AD user properties to map to the home dir.
On the Security tab, untick AAllow inheritable permissions...
Remove any unnecessary users (if any) - Do not give the EVERYONE group permisisons.
Add the AD user and tick FULL CONTROL
Click the ADVANCED button, click the OWNER tab, tick REPLACE owner with the AD user listed.
Click OK.
Use the Home Directory field in the AD user properties to map to the home dir.
ASKER
After all I have been through, I can't believe I missed that. Thanks a heap, All is good now.
J
J