file sharing permissions in widnows 2003 domain

Posted on 2009-05-26
Medium Priority
Last Modified: 2013-12-05
Hello all,

Our setup is Windows 2003 domain.  On one of our servers we have some shared folders.  I would like to allow our users to only view the contents of the folders, and not have the ability to open the files.  This will allow us (as admins) to start keeping track of how often this data is used.

I was able to accomplish this in a workgroup by going under the Security tab of a folder and uncheck all but "List Folder Contents" checkboxes for the particular user/group.  It seems that from my testing the file sharing permissions are set under the Sharing tab and not the Security tab.

Is there a way to only allow users to list contents of a specific folder in a windows 2003 domain?

Question by:nix-IT
  • 2
  • 2

Author Comment

ID: 24487048
LVL 16

Accepted Solution

Kevin Hays earned 2000 total points
ID: 24494171
In a domain I would suggest you implement the shared folders according to this.

Share the folder and give everyone full control.
NTFS tab is where you control the security.
Remove all permissions and groups from the security tab and start by adding in the local machine\administrators = full control
domain\administrators = full control
system = full control
domain users = list folder contents / read data

Of couse you would replace domain users with whatever group you want to have that permission.

To get to this point do the following.
Right click on folder, properties, <sharing> and share the folder and add everyone=full control
<security> advanced, uncheck the inheritable permissions and then click remove.
Start adding in those groups I suggested to start with.


Author Comment

ID: 24494328
Thanx, I had everything but the "Full Control" setting in sharing, which is why (I'm assuming) it wasn't working.  

Even though we don't want to give our users READ access, I can mess with the permissions in under the security tab to give us appropriate privileges.  Thanks so much for you help.

LVL 16

Expert Comment

by:Kevin Hays
ID: 24495750
yeah, that's the problem then.  You always want to assign the everyone group under the "sharing" tab to full control and then you control who gets what access via the "security" tab :)  It is just so much easier to control and audit that way.
Anytime, glad I could help and thanks for the grade!

Featured Post

Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
When you have multiple client accounts to manage, it often feels like there aren’t enough hours in the day. With too many applications to juggle, you can’t focus on your clients, much less your growing to-do list. But that doesn’t have to be the cas…
From store locators to asset tracking and route optimization, learn how leading companies are using Google Maps APIs throughout the customer journey to increase checkout conversions, boost user engagement, and optimize order fulfillment. Powered …

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question