Solved

Folder/Share permissions - give user access to only one folder inside a share?

Posted on 2009-03-31
5
867 Views
Last Modified: 2012-05-06
As an example, I have a folder setup like this:

.Share
..Subfolder A
..Subfolder B

I have a user who should have read/write access to subfolder A, but not subfolder B.  This user should also NOT have read/write access for anything inside of Share.  However, everyone else should have read/write access to Share, Subfolder A, and Subfolder B.  

Is there anyway to set this up as described?  I have access-based enumeration set up, but because they need read/write permissions for the share and the folder, that doesn't seem to matter.  
0
Comment
Question by:wgchangprosetta
  • 2
  • 2
5 Comments
 
LVL 16

Assisted Solution

by:speshalyst
speshalyst earned 25 total points
ID: 24032424
Lets call this Share ... "Temp" and the User .. .UserA  
On Temp give "everyone" read/write access  on the "Share permissions"..now on the NTFS Security.. give "everyone" read/write access as well.
Click on the Advanced Button .. while ont he NTFS Security of TEMP
Hit the Add button and add UserA explicitly and you could Deny read/write access for this USER alone.
Also ensure "replace permissions on child objects" is "checked" .
this should take care of the TEMP at the root level.
Now go to NTFS security of SubFolderA .. click the advanced button add UserA explicity and check Read/Write permissions under ALLOW .
Also ensure "replace permissions on child objects" is "checked" this will ensure UserA has read/write access to anything under SubfolderA .
 
Hope this is clear..
cheers
 
 
 
0
 
LVL 1

Expert Comment

by:rickdwebguy
ID: 24032608
There are many possibilities.  Here is a simple one.
1. Deny this user from the Share
2. Create a new share on Folder B and Grant the user "Change" permissions on that share.

The user will not be able to access the main share, but will be able to access the new share on Folder B.   I'd consider creating and using a Security Group if you think you will have more users that need to be restricted like this.

0
 

Accepted Solution

by:
wgchangprosetta earned 0 total points
ID: 24032801
What I ended up doing was this.  My share permissions have "Everyone" with Change/Read allowed.  Under the Share security [NTFS] permissions, the "Users" group has nothing checked, nothing allowed, nothing denied.  The group that is supposed to have read/write access to everything has modify access.  Inside Share, Subfolder A's NTFS security permissions are inherited from Share, and I've added the user with modify privileges.  The user can then browse to \\share\subfolder a\ but can't browse to \\share\ or do anything inside there.  This way, I don't have to check any deny boxes; that always seemed to cause some sort of issue for me in the past.  

Please let me know if I've missed something.  Thanks!
0
 
LVL 16

Expert Comment

by:speshalyst
ID: 24032832
Looks like we are set .... did you also check if this user  is able to browse thru SubfolderB..
he shoud not.. since B inherits from the root folders.. but just in case..
otherwise.. we are good to go
0
 

Author Comment

by:wgchangprosetta
ID: 24032851
Good call, let me check.  

Nope, they can't get into any other subfolder, and I have access-based enumeration enabled so they don't even see the other folders.  

Thanks for your help!
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to virtualize old server? (2003) 7 101
Can’t delete a file 14 163
need help with active directory 4 45
Alert on Server memory 2 23
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question