Solved

Restricted access to folders for some users using NTFS

Posted on 2006-11-22
8
340 Views
Last Modified: 2010-04-18
We have a network share containing 50+ folders on a Windows 2003 server accessed by Windows XP clients, for general shared use. Share permissions are Full Control for Everyone, and NTFS permissions set to Read & Execute, List Folder Contents, and Read for the Users group. Sub Folders have the modify right set for the users group, so that users can create, read and delete files.

I need to restrict access to this share by a certain set of users (members of a single group) so that they can only read files from one folder.

How is this best achieved using NTFS permissions?
0
Comment
Question by:sustrans
  • 4
  • 2
8 Comments
 
LVL 5

Expert Comment

by:TheMetrix
ID: 17995688
Change the NTFS Permissions to:

Administrators: Full Control
Users: Read Only
Add the other groups to have Modify Access

It might seem like a bit too much work for something so easy but it will give you more granular control.
0
 

Author Comment

by:sustrans
ID: 17995893
I'm not sure I explained myself too well. I need users in a certain group to only see FolderX and none of the other folders on the share.

The others users are (generally) not in specific groups, and I do not want to have to modify the rights on all the other folders (or remember to do so on any new folders in the future).
0
 
LVL 5

Expert Comment

by:TheMetrix
ID: 17995994
More clearity is good.

If the folder you wish to change permissions for is below the root share - Open up the Security Tab for NTFS Permissions. Click on Advance Button, on the advance tab remove the check mark from "Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicityly defince here"

You will a pop-up asking if you want to remove or copy all of the groups/users permissions from the parent. Click on Copy, after you click on Copy you will be taken back to the Properties page, Remove Users/Everyone group and add the Group you want to explicit permissions to that folder. Login as a test users for that Group to test the permissions.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 5

Expert Comment

by:TheMetrix
ID: 17996007
Also, have you thought of using Organizational Units (OU's) to manage you users? You might find it to be much easier to manager your domain this way.
0
 

Author Comment

by:sustrans
ID: 17996451
The problem with the above solution is that it restricts the folder to the specific group, but that group can see all the other folders by virtue of its members being in the users group. What I need is for the specific group to be denied access to all folders other than the one I nominate.
0
 
LVL 5

Accepted Solution

by:
TheMetrix earned 250 total points
ID: 17998187
You keep adding more and more requirements and complexity with each comment. Make up your mind here and be specific.

1st You have the Everyone Group which is EVERYONE to include the group you want to restrict. And you have Group 1 (The restricted Group)

If you do not want the Everyone Group to see a folder that only Group 1 is to have access to then Move the Folder out of the Common Share. Share the Restricted Folder and Allow only Group 1 Access both by Share Permission and NTFS Permission. Meaning Remove the Everyone Group. Then with the Common Share you will need to Add Group 1 and Deny them permission to the Common Share.

2nd you need to split your users up by group and or OU to give yourself more versatility. To try and restrict users when the majority of your users belong to Only the Everyone Group can be confusing and difficult as you have already noticed.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used.

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question