Solved

Folder/Share permissions - give user access to only one folder inside a share?

Posted on 2009-03-31
5
869 Views
Last Modified: 2012-05-06
As an example, I have a folder setup like this:

.Share
..Subfolder A
..Subfolder B

I have a user who should have read/write access to subfolder A, but not subfolder B.  This user should also NOT have read/write access for anything inside of Share.  However, everyone else should have read/write access to Share, Subfolder A, and Subfolder B.  

Is there anyway to set this up as described?  I have access-based enumeration set up, but because they need read/write permissions for the share and the folder, that doesn't seem to matter.  
0
Comment
Question by:wgchangprosetta
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 16

Assisted Solution

by:speshalyst
speshalyst earned 25 total points
ID: 24032424
Lets call this Share ... "Temp" and the User .. .UserA  
On Temp give "everyone" read/write access  on the "Share permissions"..now on the NTFS Security.. give "everyone" read/write access as well.
Click on the Advanced Button .. while ont he NTFS Security of TEMP
Hit the Add button and add UserA explicitly and you could Deny read/write access for this USER alone.
Also ensure "replace permissions on child objects" is "checked" .
this should take care of the TEMP at the root level.
Now go to NTFS security of SubFolderA .. click the advanced button add UserA explicity and check Read/Write permissions under ALLOW .
Also ensure "replace permissions on child objects" is "checked" this will ensure UserA has read/write access to anything under SubfolderA .
 
Hope this is clear..
cheers
 
 
 
0
 
LVL 1

Expert Comment

by:rickdwebguy
ID: 24032608
There are many possibilities.  Here is a simple one.
1. Deny this user from the Share
2. Create a new share on Folder B and Grant the user "Change" permissions on that share.

The user will not be able to access the main share, but will be able to access the new share on Folder B.   I'd consider creating and using a Security Group if you think you will have more users that need to be restricted like this.

0
 

Accepted Solution

by:
wgchangprosetta earned 0 total points
ID: 24032801
What I ended up doing was this.  My share permissions have "Everyone" with Change/Read allowed.  Under the Share security [NTFS] permissions, the "Users" group has nothing checked, nothing allowed, nothing denied.  The group that is supposed to have read/write access to everything has modify access.  Inside Share, Subfolder A's NTFS security permissions are inherited from Share, and I've added the user with modify privileges.  The user can then browse to \\share\subfolder a\ but can't browse to \\share\ or do anything inside there.  This way, I don't have to check any deny boxes; that always seemed to cause some sort of issue for me in the past.  

Please let me know if I've missed something.  Thanks!
0
 
LVL 16

Expert Comment

by:speshalyst
ID: 24032832
Looks like we are set .... did you also check if this user  is able to browse thru SubfolderB..
he shoud not.. since B inherits from the root folders.. but just in case..
otherwise.. we are good to go
0
 

Author Comment

by:wgchangprosetta
ID: 24032851
Good call, let me check.  

Nope, they can't get into any other subfolder, and I have access-based enumeration enabled so they don't even see the other folders.  

Thanks for your help!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question