Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Folder/Share permissions - give user access to only one folder inside a share?

Posted on 2009-03-31
5
Medium Priority
?
874 Views
Last Modified: 2012-05-06
As an example, I have a folder setup like this:

.Share
..Subfolder A
..Subfolder B

I have a user who should have read/write access to subfolder A, but not subfolder B.  This user should also NOT have read/write access for anything inside of Share.  However, everyone else should have read/write access to Share, Subfolder A, and Subfolder B.  

Is there anyway to set this up as described?  I have access-based enumeration set up, but because they need read/write permissions for the share and the folder, that doesn't seem to matter.  
0
Comment
Question by:wgchangprosetta
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 16

Assisted Solution

by:speshalyst
speshalyst earned 100 total points
ID: 24032424
Lets call this Share ... "Temp" and the User .. .UserA  
On Temp give "everyone" read/write access  on the "Share permissions"..now on the NTFS Security.. give "everyone" read/write access as well.
Click on the Advanced Button .. while ont he NTFS Security of TEMP
Hit the Add button and add UserA explicitly and you could Deny read/write access for this USER alone.
Also ensure "replace permissions on child objects" is "checked" .
this should take care of the TEMP at the root level.
Now go to NTFS security of SubFolderA .. click the advanced button add UserA explicity and check Read/Write permissions under ALLOW .
Also ensure "replace permissions on child objects" is "checked" this will ensure UserA has read/write access to anything under SubfolderA .
 
Hope this is clear..
cheers
 
 
 
0
 
LVL 1

Expert Comment

by:rickdwebguy
ID: 24032608
There are many possibilities.  Here is a simple one.
1. Deny this user from the Share
2. Create a new share on Folder B and Grant the user "Change" permissions on that share.

The user will not be able to access the main share, but will be able to access the new share on Folder B.   I'd consider creating and using a Security Group if you think you will have more users that need to be restricted like this.

0
 

Accepted Solution

by:
wgchangprosetta earned 0 total points
ID: 24032801
What I ended up doing was this.  My share permissions have "Everyone" with Change/Read allowed.  Under the Share security [NTFS] permissions, the "Users" group has nothing checked, nothing allowed, nothing denied.  The group that is supposed to have read/write access to everything has modify access.  Inside Share, Subfolder A's NTFS security permissions are inherited from Share, and I've added the user with modify privileges.  The user can then browse to \\share\subfolder a\ but can't browse to \\share\ or do anything inside there.  This way, I don't have to check any deny boxes; that always seemed to cause some sort of issue for me in the past.  

Please let me know if I've missed something.  Thanks!
0
 
LVL 16

Expert Comment

by:speshalyst
ID: 24032832
Looks like we are set .... did you also check if this user  is able to browse thru SubfolderB..
he shoud not.. since B inherits from the root folders.. but just in case..
otherwise.. we are good to go
0
 

Author Comment

by:wgchangprosetta
ID: 24032851
Good call, let me check.  

Nope, they can't get into any other subfolder, and I have access-based enumeration enabled so they don't even see the other folders.  

Thanks for your help!
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Learn about cloud computing and its benefits for small business owners.
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question