• Status: Solved

Restricted access to folders for some users using NTFS

We have a network share containing 50+ folders on a Windows 2003 server accessed by Windows XP clients, for general shared use. Share permissions are Full Control for Everyone, and NTFS permissions are set to Read & Execute, List Folder Contents, and Read for the Users group. Subfolders have the Modify right set for the Users group, so that users can create, read and delete files.

I need to restrict access to this share by a certain set of users (members of a single group) so that they can only read files from one folder.

How is this best achieved using NTFS permissions?
Asked by: sustrans

1 Solution

TheMetrix Commented:
Change the NTFS Permissions to:

Administrators: Full Control
Users: Read Only
Add the other groups to have Modify Access

It might seem like a bit too much work for something so easy but it will give you more granular control.

sustrans (Author) Commented:
I'm not sure I explained myself too well. I need users in a certain group to only see FolderX and none of the other folders on the share.

The other users are (generally) not in specific groups, and I do not want to have to modify the rights on all the other folders (or remember to do so on any new folders in the future).

TheMetrix Commented:
More clarity is good.

If the folder you wish to change permissions for is below the root share, open up the Security tab for NTFS permissions. Click on the Advanced button, and on the Advanced tab remove the check mark from "Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here".

You will get a pop-up asking if you want to remove or copy all of the groups/users permissions from the parent. Click on Copy. After you click on Copy you will be taken back to the Properties page. Remove the Users/Everyone group and add the Group you want to give explicit permissions to that folder. Log in as a test user for that Group to test the permissions.

TheMetrix Commented:
Also, have you thought of using Organizational Units (OUs) to manage your users? You might find it to be much easier to manage your domain this way.

sustrans (Author) Commented:
The problem with the above solution is that it restricts the folder to the specific group, but that group can see all the other folders by virtue of its members being in the users group. What I need is for the specific group to be denied access to all folders other than the one I nominate.

TheMetrix Commented:
You keep adding more and more requirements and complexity with each comment. Make up your mind here and be specific.

1st You have the Everyone Group which is EVERYONE to include the group you want to restrict. And you have Group 1 (The restricted Group)

If you do not want the Everyone Group to see a folder that only Group 1 is to have access to then Move the Folder out of the Common Share. Share the Restricted Folder and Allow only Group 1 Access both by Share Permission and NTFS Permission. Meaning Remove the Everyone Group. Then with the Common Share you will need to Add Group 1 and Deny them permission to the Common Share.

2nd, you need to split your users up by group and/or OU to give yourself more versatility. To try and restrict users when the majority of your users belong to only the Everyone Group can be confusing and difficult, as you have already noticed.
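
Added example, not part of the thread: a simplified Python model of how Windows evaluates an NTFS ACL, applied to the layout discussed above (a Deny for Group 1 on the common share, FolderX on its own share). The group names, rights masks and ACLs are constructed, and it assumes the subfolders' Modify entry for Users was set on each subfolder rather than inherited.

```python
# Simplified model of the Windows access check. Groups and ACLs are constructed.
from dataclasses import dataclass

READ, WRITE, DELETE = 1, 2, 4
MODIFY = READ | WRITE | DELETE

@dataclass(frozen=True)
class Ace:
    kind: str               # "allow" or "deny"
    trustee: str            # group the ACE applies to
    mask: int               # rights covered by the ACE
    inherited: bool = False

def canonical(acl):
    # Order used by Windows tools: explicit deny, explicit allow,
    # inherited deny, inherited allow.
    return sorted(acl, key=lambda a: (a.inherited, a.kind != "deny"))

def access_check(acl, groups, wanted):
    # First matching ACE wins per right: a deny on a still-needed right fails
    # the request, allows accumulate until every wanted right is granted.
    remaining = wanted
    for ace in canonical(acl):
        if ace.trustee not in groups:
            continue
        if ace.kind == "deny":
            if ace.mask & remaining:
                return False
        else:
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return False            # rights nobody granted are denied

STAFF = {"Users"}
RESTRICTED = {"Users", "Group1"}   # Group 1 members are also in Users

COMMON_ROOT = [Ace("allow", "Users", READ), Ace("deny", "Group1", MODIFY)]
# Subfolder whose Modify ACE for Users was set on the folder itself (assumed):
SUB_EXPLICIT = [Ace("allow", "Users", MODIFY),
                Ace("deny", "Group1", MODIFY, inherited=True)]
# Same subfolder with the deny also set explicitly on it:
SUB_FIXED = [Ace("allow", "Users", MODIFY), Ace("deny", "Group1", MODIFY)]
# FolderX on its own share, Users/Everyone removed, Group 1 read-only:
FOLDER_X = [Ace("allow", "Group1", READ)]

if __name__ == "__main__":
    for name, acl in [("common root", COMMON_ROOT), ("subfolder, inherited deny", SUB_EXPLICIT),
                      ("subfolder, explicit deny", SUB_FIXED), ("FolderX", FOLDER_X)]:
        print(f"{name:26} restricted read={access_check(acl, RESTRICTED, READ)} "
              f"staff read={access_check(acl, STAFF, READ)}")
```

The second case is the one to verify on a real server: an explicit Allow on a subfolder is evaluated before a Deny inherited from the share root. A Deny for Group 1 in the share permissions of the common share applies to all network access through that share regardless of this NTFS ordering.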