?
Solved

Restricted access to folders for some users using NTFS

Posted on 2006-11-22
8
Medium Priority
?
346 Views
Last Modified: 2010-04-18
We have a network share containing 50+ folders on a Windows 2003 server accessed by Windows XP clients, for general shared use. Share permissions are Full Control for Everyone, and NTFS permissions set to Read & Execute, List Folder Contents, and Read for the Users group. Sub Folders have the modify right set for the users group, so that users can create, read and delete files.

I need to restrict access to this share by a certain set of users (members of a single group) so that they can only read files from one folder.

How is this best achieved using NTFS permissions?
0
Comment
Question by:sustrans
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
8 Comments
 
LVL 5

Expert Comment

by:TheMetrix
ID: 17995688
Change the NTFS Permissions to:

Administrators: Full Control
Users: Read Only
Add the other groups to have Modify Access

It might seem like a bit too much work for something so easy but it will give you more granular control.
0
 

Author Comment

by:sustrans
ID: 17995893
I'm not sure I explained myself too well. I need users in a certain group to only see FolderX and none of the other folders on the share.

The others users are (generally) not in specific groups, and I do not want to have to modify the rights on all the other folders (or remember to do so on any new folders in the future).
0
 
LVL 5

Expert Comment

by:TheMetrix
ID: 17995994
More clearity is good.

If the folder you wish to change permissions for is below the root share - Open up the Security Tab for NTFS Permissions. Click on Advance Button, on the advance tab remove the check mark from "Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicityly defince here"

You will a pop-up asking if you want to remove or copy all of the groups/users permissions from the parent. Click on Copy, after you click on Copy you will be taken back to the Properties page, Remove Users/Everyone group and add the Group you want to explicit permissions to that folder. Login as a test users for that Group to test the permissions.
0
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

 
LVL 5

Expert Comment

by:TheMetrix
ID: 17996007
Also, have you thought of using Organizational Units (OU's) to manage you users? You might find it to be much easier to manager your domain this way.
0
 

Author Comment

by:sustrans
ID: 17996451
The problem with the above solution is that it restricts the folder to the specific group, but that group can see all the other folders by virtue of its members being in the users group. What I need is for the specific group to be denied access to all folders other than the one I nominate.
0
 
LVL 5

Accepted Solution

by:
TheMetrix earned 1000 total points
ID: 17998187
You keep adding more and more requirements and complexity with each comment. Make up your mind here and be specific.

1st You have the Everyone Group which is EVERYONE to include the group you want to restrict. And you have Group 1 (The restricted Group)

If you do not want the Everyone Group to see a folder that only Group 1 is to have access to then Move the Folder out of the Common Share. Share the Restricted Folder and Allow only Group 1 Access both by Share Permission and NTFS Permission. Meaning Remove the Everyone Group. Then with the Common Share you will need to Add Group 1 and Deny them permission to the Common Share.

2nd you need to split your users up by group and or OU to give yourself more versatility. To try and restrict users when the majority of your users belong to Only the Everyone Group can be confusing and difficult as you have already noticed.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
Learn about cloud computing and its benefits for small business owners.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question