Restrict access to a shared folder

Hi there,
we need to restrict access to a specific folder (management) and limit the access to 2 named users.
Whats the correct way to do this?
OutsourcedAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
ConchCrawlConnect With a Mentor Commented:
Looks right to me.
0
 
supportsCommented:
0
 
Richard DanekeTrainerCommented:
In short, the correct way is the effective way.
Right-click on the folder and select security.
Ensure the everone is deleted in the list.
Ensure Adminstroators group has enabled permissions.
Add the two users and set their permissions as desired (FULL)
Add the other users and set that permission to deny.
With many users there are more elegant methods, but this is quick and effective.
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
ConchCrawlCommented:
on sbs 2008 access based enumeration is turned on by default so if you limit the ntfs permissions on a file or folder to a specific user or group no one but those groups or users will be able even see the files or folders.
Using the sbs console is this easiest way to do this and the correct way on most sbs tasks.
Is the management folder the top level share or is there another folder about that is shared?
0
 
OutsourcedAuthor Commented:
The management folder isnt shared today and is a top level folder
the shared folder named "sharedfolder" is a "sister folder" to it

I just tried to run the SBS console 2008
picked the right folder
checked yes to change NTFS permissions
Edit permissions
press advance
unchecked "include inheritable permissions from this objets parent"
added the specified users
added share name "management folder"
and then im lost in SMB persion settings?

what to do?
0
 
ConchCrawlCommented:
on shared protocols, smb settings,  just accept the defaults. On the smb smb permissions I click on permissions and give everyone full access to the share, don't worry ntfs permissions will take care of the rest. Quota Policy is up to you but normally i leave it alone, aplly file screen leave unchecked, leave dfs setings unchecked,  review settings click create and you should be good to go.
Let me know if you need any further clarification.
0
 
OutsourcedAuthor Commented:
Hi there
is this correct ?
does NTFS "win" over SMB ?
##############
Share
      Share location: d:\topfolder\Microsoft Navision
      NTFS permissions:
            BUILTIN\Administrators = Allow:Full Control (explicit)
            domain\user A = Allow:Full Control (explicit)
            domain\User B = Allow:Full Control (explicit)
      Share over SMB: Microsoft Navision
            Share path: \\server-name\Microsoft Navision
            Description:
            User limit: Maximum allowed
            Offline setting: Selected files and programs available offline
            SMB permissions:
                  Everyone = Allow:Read
0
 
ConchCrawlCommented:
I would set the smb permissions to everyone=full control. You will have much less trouble. The only other thing i might take out builtin\administrators and put in domain\administrators, this usually works better on an sbs server.
ntfs permissions are separate issues from any share permissions but if you don't allow everyone access over the share and the user is connecting thru the share they will never get a chance to get to the ntfs permissions.
Replace the settings as posted above and you will see what I'm talking about.
0
 
OutsourcedAuthor Commented:
like this ?

Share
      Share location: d:\topfolder\Microsoft Navision
      NTFS permissions:
            domain\Domain Admins = Allow:Full Control (explicit)
            domain\user A = Allow:Full Control (explicit)
            domain\user B = Allow:Full Control (explicit)
      Share over SMB: Microsoft Navision
            Share path: \\server-name\Microsoft Navision
            Description:
            User limit: Maximum allowed
            Offline setting: Selected files and programs available offline
            SMB permissions:
                  Everyone = Allow:Full Control
0
 
OutsourcedAuthor Commented:
Great thanks

Ill check the settings in the morning with the 2 users and if it works will i close and award you :)
0
 
OutsourcedAuthor Commented:
The reply was helpful and 100% right on
0
All Courses

From novice to tech pro — start learning today.