Inherited SBS 2003.
Created own OU's not using 'My Business'.... ones created by default.
Have one folder with a couple of excel files in it. I want to restrict the folder so only 5 users can read/write and all other users read-only.
Folder name: ABC
Group 1: Global Read Only Group
Group 2; Global Write Group
5 users in Group2 and all other users in Group1
Security Permissions: Administrators - full, Group1 - Read, Deny Write , Group 2 - Read/write
Any user I add to either Group does absolutely nothing. Example, I add User1 to Group1 and I can still open, write, delete, create, everything. If I remove all groups from security permissions and only leave Administrators, anyone can access the folder and open/read/write/delete.
If add User1 explicitly to the security permissions, it works.
I have removed setting Inherite Permissions from parent folder. I have tried 4 different user accounts. Owner of file is administrator.
Also, all users should be created using the Add-User wizard and the SBS user templates. There are too many functions that need to be configured simulataneoulsly to do this manually. Because SBS is a preconfigured server that has numerous services running together on the same machine that would never be running together on a standard server, you need to use the wizards in order to not break anything.
So, first move all users back into MyBusiness\Users\SBSUsers
There are wizards for Security Groups as well. I would suggest that you create a new User Template for those that you want in Group 1 and another for those that you want in Group 2 (actually you should COPY the default USER template to start with).
Then, create two Security Groups (1 & 2) and add it to each new template accordingly.
Next, add those Security Groups to your NTFS permissions for the folders you are looking to protect.
Finally, if you've already created these users, run the Change User Permissions wizard to apply the appropriate template to whichever users you like. If you haven't created a user yet, then use the add-user wizard and select the appropriate template to create your user.
Obviously this is quite a different procedure than what you would do on a standard Server 2003... but by following this method, you will not only get the permissions set the way you want, but you will also be able to keep the assigned quotas in place, the appropriate SharePoint user accounts, etc.
I might mention however, that what you are doing is handled by SharePoint quite well... and you may want to look into using SharePoint instead of standard NTFS files/folders. There are preconfigured SharePoint roles which address what you are seeking to do... by default standard users are granted the "Contributor" role appropriate for your Group 2, but you could certainly make a separate User Template for Group 1 that would grant them the "reader" role.
Files stored in SharePoint are actually in SQL server (MSDE if you have SBS Standard, SQL Server if SBS Premium -- which allows for full text search). Document libraries in SharePoint are accessed easily via http://companyweb.
Jeff
TechSoEasy