Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 461
  • Last Modified:

how to make a public folder read only to everyone but full control to certain users

We have  a drive in one of our server that is shared and we call it Public Folder where in all users can share their data to everyone that needed it.  Unfortunately, due to everyone having full control there are some folders (ex. estimating)in Public Folder that everyone can have read only permissions and only certain users can have full control of that folder.

How can I restrict everyone to have full control and give certain users full control to a particular folder that is in our Public Folder?

Please help,  I tried to share that folder, gave everyone read only and certain user a full control but it did not work.  Please help me how to accomplish this task.  Please give me detail instructions of to do this.  

Please email me at niorpar@yahoo.com

Sincerely,
3jmj
0
3jmj
Asked:
3jmj
1 Solution
 
gbirkemeierCommented:
Permissions always apply the most restrictive policy. You need to set up seperate groups that have real only and full access. Also make sure subdirectories are inheriting permissions like you want.
0
 
r-kCommented:
Your problem is that the "Estimating" folder is inheriting permissions from the main Public folder.

To fix this, right-click on the Estimating folder, click on "Properties", then "Security" then "Advanced", and un-check the box that reads "inherit from parent..." and click "Copy" in the next dialog.

After that you'll be able to manipulate permissions on the "Estimating" folder separately from the main folder.

If you have lots of users then do create groups as suggested above, it will simplify the job. If you have few users then you can assign permissions for usernames directly.
0
 
3jmjAuthor Commented:
I had done what you had written above, when I tried it, it did not work.  I am having one of the user this mondayy to try it then I will let  you know if it worked or now.  Thank you... 3jmj
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
DaMaestroCommented:
This illustration is for example only based on the info provided. I myself would only give list permissions for the users in the domain, and only read/change permissions to those who’s job actually requires the data in the subfolders. I prefer file/folder level permissions; it’s easier to troubleshoot permissions issues this way. Share level permissions require connections to the server to troubleshoot.

Example: Domain: NA  ;  Server: FS1  ; Share: Public   ; Subfolder1: Estimating   ;  Subfolder2: HR

You may need to reset permissions on all child objects from the parent to all subfolders before going to each subfolder and adding the Full permissions for those groups. It would also help if you have one group defined in AD for the permissions on that folder in that share, that way you don’t end up adding individual people to each folder on individual servers. It will also be faster when you change all the ACLS. Plan out which users will be added to the subfolders and create groups and memberships based on that before modifying the permissions on the actual server.

If you want to start restricting most folders to read only for a higher percentage of the population then go to the main folder \\FS1\Public and change its permissions for all domain users to be read only. After the main folder permissions have been set, go to the subfolder and add permissions for the group who should have access to the subfolder.  People in the Estimating department would be members of an Estimating group that has access to \\FS1\Public\Estimating . People in HR would be members of the HR group that has access to \\FS1\Public\HR and etc.  

Sometimes file groups may be different than departments in the orgnization. For this reason, you may want to have a special OU or name prefix. For example, if you start application deployment via AD, you might want to prefix each group software group as SW so people will know that group is authorized people for that software (SW Peoplesoft HR) as opposed to (Peoplesoft HR) department.

0
 
3jmjAuthor Commented:
DaMaestro:

Let me try your point of view from public folder let me see if my users will complain, then I will let you know...

thank you,
regie
0
 
3jmjAuthor Commented:
Please be advised that I am still waiting for the user to confirm if the steps taken above were successful at all.

Thank you,
3jmj
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now