Solved

Folder/Share permissions - give user access to only one folder inside a share?

Posted on 2009-03-31
Last Modified: 2012-05-06
As an example, I have a folder setup like this:

.Share
..Subfolder A
..Subfolder B

I have a user who should have read/write access to subfolder A, but not subfolder B.  This user should also NOT have read/write access for anything inside of Share.  However, everyone else should have read/write access to Share, Subfolder A, and Subfolder B.  

Is there any way to set this up as described?  I have access-based enumeration set up, but because they need read/write permissions for the share and the folder, that doesn't seem to matter.
Question by:wgchangprosetta
5 Comments
 
LVL 16

Assisted Solution

by:speshalyst
speshalyst earned 25 total points
ID: 24032424
Let's call this share "Temp" and the user "UserA".
On Temp, give "Everyone" read/write access on the share permissions. Now, on the NTFS security, give "Everyone" read/write access as well.
Click on the Advanced button while on the NTFS security of Temp.
Hit the Add button, add UserA explicitly, and you could deny read/write access for this user alone.
Also ensure "replace permissions on child objects" is checked.
This should take care of Temp at the root level.
Now go to the NTFS security of SubFolderA, click the Advanced button, add UserA explicitly, and check the read/write permissions under Allow.
Also ensure "replace permissions on child objects" is checked; this will ensure UserA has read/write access to anything under SubFolderA.
 
Hope this is clear..
cheers
 
 
 
0
 
LVL 1

Expert Comment

by:rickdwebguy
ID: 24032608
There are many possibilities.  Here is a simple one.
1. Deny this user from the Share
2. Create a new share on Folder B and Grant the user "Change" permissions on that share.

The user will not be able to access the main share, but will be able to access the new share on Folder B.   I'd consider creating and using a Security Group if you think you will have more users that need to be restricted like this.

0
 

Accepted Solution

by:
wgchangprosetta earned 0 total points
ID: 24032801
What I ended up doing was this.  My share permissions have "Everyone" with Change/Read allowed.  Under the Share security [NTFS] permissions, the "Users" group has nothing checked, nothing allowed, nothing denied.  The group that is supposed to have read/write access to everything has modify access.  Inside Share, Subfolder A's NTFS security permissions are inherited from Share, and I've added the user with modify privileges.  The user can then browse to \\share\subfolder a\ but can't browse to \\share\ or do anything inside there.  This way, I don't have to check any deny boxes; that always seemed to cause some sort of issue for me in the past.  

Please let me know if I've missed something.  Thanks!
0
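The layout from the accepted solution expressed as commands, as an added example that is not part of the original thread. The path, share name, domain, group and user names are placeholders, the SYSTEM and Administrators entries are an assumption of this example, and `New-SmbShare` requires Windows Server 2012 or later.

```powershell
# Placeholder names (assumptions for this example, not from the thread).
$root  = 'D:\Share'
$subA  = Join-Path $root 'Subfolder A'
$subB  = Join-Path $root 'Subfolder B'
$group = 'CONTOSO\ShareFullAccess'   # everyone who gets the whole share
$user  = 'CONTOSO\UserA'             # user limited to Subfolder A

# Share permissions: Everyone = Change (which includes Read), with
# access-based enumeration so folders the caller cannot read are hidden.
New-SmbShare -Name 'Share' -Path $root -ChangeAccess 'Everyone' `
    -FolderEnumerationMode AccessBased | Out-Null

# NTFS on the share root: stop inheriting from the volume, leave no entry
# for Users, and give the full-access group Modify. No Deny entries.
# SYSTEM and Administrators are kept here as an assumption of this example.
icacls $root /inheritance:r
icacls $root /remove 'BUILTIN\Users'
icacls $root /grant 'SYSTEM:(OI)(CI)F' 'BUILTIN\Administrators:(OI)(CI)F' "${group}:(OI)(CI)M"

# Subfolder A still inherits from the root; add the one user with Modify.
icacls $subA /grant "${user}:(OI)(CI)M"

# List ACEs that name an identity directly on a path. This reads the ACL
# only; it does not expand group membership, so separately confirm the
# user is not a member of $group.
function Get-DirectAce {
    param([string]$Path, [string]$Identity)
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.IdentityReference.Value -eq $Identity }
}

# Each check is phrased so that True means the layout matches the description.
[ordered]@{
    'Root: no ACE for the user'       = -not (Get-DirectAce $root $user)
    'Root: no ACE for Users'          = -not (Get-DirectAce $root 'BUILTIN\Users')
    'Root: no Deny ACEs'              = -not ((Get-Acl -LiteralPath $root).Access |
                                            Where-Object AccessControlType -eq 'Deny')
    'Subfolder A: ACE for the user'   = [bool](Get-DirectAce $subA $user)
    'Subfolder B: no ACE for the user' = -not (Get-DirectAce $subB $user)
}
```

The user can open Subfolder A by its full path without any rights on the root because the "Bypass traverse checking" user right is granted to ordinary users by default; if that right has been removed by policy, this layout stops working.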
 
LVL 16

Expert Comment

by:speshalyst
ID: 24032832
Looks like we are set .... did you also check if this user is able to browse through SubfolderB..
he should not.. since B inherits from the root folders.. but just in case..
otherwise.. we are good to go
0
 

Author Comment

by:wgchangprosetta
ID: 24032851
Good call, let me check.  

Nope, they can't get into any other subfolder, and I have access-based enumeration enabled so they don't even see the other folders.  

Thanks for your help!
0
