Solved

how to make a public folder read only to everyone but full control to certain users

Posted on 2006-06-29
9
447 Views
Last Modified: 2010-04-11
We have  a drive in one of our server that is shared and we call it Public Folder where in all users can share their data to everyone that needed it.  Unfortunately, due to everyone having full control there are some folders (ex. estimating)in Public Folder that everyone can have read only permissions and only certain users can have full control of that folder.

How can I restrict everyone to have full control and give certain users full control to a particular folder that is in our Public Folder?

Please help,  I tried to share that folder, gave everyone read only and certain user a full control but it did not work.  Please help me how to accomplish this task.  Please give me detail instructions of to do this.  

Please email me at niorpar@yahoo.com

Sincerely,
3jmj
0
Comment
Question by:3jmj
9 Comments
 
LVL 4

Expert Comment

by:gbirkemeier
ID: 17014245
Permissions always apply the most restrictive policy. You need to set up seperate groups that have real only and full access. Also make sure subdirectories are inheriting permissions like you want.
0
 
LVL 32

Expert Comment

by:r-k
ID: 17014370
Your problem is that the "Estimating" folder is inheriting permissions from the main Public folder.

To fix this, right-click on the Estimating folder, click on "Properties", then "Security" then "Advanced", and un-check the box that reads "inherit from parent..." and click "Copy" in the next dialog.

After that you'll be able to manipulate permissions on the "Estimating" folder separately from the main folder.

If you have lots of users then do create groups as suggested above, it will simplify the job. If you have few users then you can assign permissions for usernames directly.
0
 

Author Comment

by:3jmj
ID: 17070597
I had done what you had written above, when I tried it, it did not work.  I am having one of the user this mondayy to try it then I will let  you know if it worked or now.  Thank you... 3jmj
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 
LVL 6

Accepted Solution

by:
DaMaestro earned 250 total points
ID: 17077074
This illustration is for example only based on the info provided. I myself would only give list permissions for the users in the domain, and only read/change permissions to those who’s job actually requires the data in the subfolders. I prefer file/folder level permissions; it’s easier to troubleshoot permissions issues this way. Share level permissions require connections to the server to troubleshoot.

Example: Domain: NA  ;  Server: FS1  ; Share: Public   ; Subfolder1: Estimating   ;  Subfolder2: HR

You may need to reset permissions on all child objects from the parent to all subfolders before going to each subfolder and adding the Full permissions for those groups. It would also help if you have one group defined in AD for the permissions on that folder in that share, that way you don’t end up adding individual people to each folder on individual servers. It will also be faster when you change all the ACLS. Plan out which users will be added to the subfolders and create groups and memberships based on that before modifying the permissions on the actual server.

If you want to start restricting most folders to read only for a higher percentage of the population then go to the main folder \\FS1\Public and change its permissions for all domain users to be read only. After the main folder permissions have been set, go to the subfolder and add permissions for the group who should have access to the subfolder.  People in the Estimating department would be members of an Estimating group that has access to \\FS1\Public\Estimating . People in HR would be members of the HR group that has access to \\FS1\Public\HR and etc.  

Sometimes file groups may be different than departments in the orgnization. For this reason, you may want to have a special OU or name prefix. For example, if you start application deployment via AD, you might want to prefix each group software group as SW so people will know that group is authorized people for that software (SW Peoplesoft HR) as opposed to (Peoplesoft HR) department.

0
 

Author Comment

by:3jmj
ID: 17077262
DaMaestro:

Let me try your point of view from public folder let me see if my users will complain, then I will let you know...

thank you,
regie
0
 

Author Comment

by:3jmj
ID: 17312487
Please be advised that I am still waiting for the user to confirm if the steps taken above were successful at all.

Thank you,
3jmj
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now