Solved

Folder/Share permissions - give user access to only one folder inside a share?

Posted on 2009-03-31
5
871 Views
Last Modified: 2012-05-06
As an example, I have a folder setup like this:

.Share
..Subfolder A
..Subfolder B

I have a user who should have read/write access to subfolder A, but not subfolder B.  This user should also NOT have read/write access for anything inside of Share.  However, everyone else should have read/write access to Share, Subfolder A, and Subfolder B.  

Is there anyway to set this up as described?  I have access-based enumeration set up, but because they need read/write permissions for the share and the folder, that doesn't seem to matter.  
0
Comment
Question by:wgchangprosetta
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 16

Assisted Solution

by:speshalyst
speshalyst earned 25 total points
ID: 24032424
Lets call this Share ... "Temp" and the User .. .UserA  
On Temp give "everyone" read/write access  on the "Share permissions"..now on the NTFS Security.. give "everyone" read/write access as well.
Click on the Advanced Button .. while ont he NTFS Security of TEMP
Hit the Add button and add UserA explicitly and you could Deny read/write access for this USER alone.
Also ensure "replace permissions on child objects" is "checked" .
this should take care of the TEMP at the root level.
Now go to NTFS security of SubFolderA .. click the advanced button add UserA explicity and check Read/Write permissions under ALLOW .
Also ensure "replace permissions on child objects" is "checked" this will ensure UserA has read/write access to anything under SubfolderA .
 
Hope this is clear..
cheers
 
 
 
0
 
LVL 1

Expert Comment

by:rickdwebguy
ID: 24032608
There are many possibilities.  Here is a simple one.
1. Deny this user from the Share
2. Create a new share on Folder B and Grant the user "Change" permissions on that share.

The user will not be able to access the main share, but will be able to access the new share on Folder B.   I'd consider creating and using a Security Group if you think you will have more users that need to be restricted like this.

0
 

Accepted Solution

by:
wgchangprosetta earned 0 total points
ID: 24032801
What I ended up doing was this.  My share permissions have "Everyone" with Change/Read allowed.  Under the Share security [NTFS] permissions, the "Users" group has nothing checked, nothing allowed, nothing denied.  The group that is supposed to have read/write access to everything has modify access.  Inside Share, Subfolder A's NTFS security permissions are inherited from Share, and I've added the user with modify privileges.  The user can then browse to \\share\subfolder a\ but can't browse to \\share\ or do anything inside there.  This way, I don't have to check any deny boxes; that always seemed to cause some sort of issue for me in the past.  

Please let me know if I've missed something.  Thanks!
0
 
LVL 16

Expert Comment

by:speshalyst
ID: 24032832
Looks like we are set .... did you also check if this user  is able to browse thru SubfolderB..
he shoud not.. since B inherits from the root folders.. but just in case..
otherwise.. we are good to go
0
 

Author Comment

by:wgchangprosetta
ID: 24032851
Good call, let me check.  

Nope, they can't get into any other subfolder, and I have access-based enumeration enabled so they don't even see the other folders.  

Thanks for your help!
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question