Restrict access to a shared folder

Hi there,
we need to restrict access to a specific folder (management) and limit the access to 2 named users.
Whats the correct way to do this?
OutsourcedAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

supportsCommented:
0
Richard DanekeTrainerCommented:
In short, the correct way is the effective way.
Right-click on the folder and select security.
Ensure the everone is deleted in the list.
Ensure Adminstroators group has enabled permissions.
Add the two users and set their permissions as desired (FULL)
Add the other users and set that permission to deny.
With many users there are more elegant methods, but this is quick and effective.
0
ConchCrawlCommented:
on sbs 2008 access based enumeration is turned on by default so if you limit the ntfs permissions on a file or folder to a specific user or group no one but those groups or users will be able even see the files or folders.
Using the sbs console is this easiest way to do this and the correct way on most sbs tasks.
Is the management folder the top level share or is there another folder about that is shared?
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

OutsourcedAuthor Commented:
The management folder isnt shared today and is a top level folder
the shared folder named "sharedfolder" is a "sister folder" to it

I just tried to run the SBS console 2008
picked the right folder
checked yes to change NTFS permissions
Edit permissions
press advance
unchecked "include inheritable permissions from this objets parent"
added the specified users
added share name "management folder"
and then im lost in SMB persion settings?

what to do?
0
ConchCrawlCommented:
on shared protocols, smb settings,  just accept the defaults. On the smb smb permissions I click on permissions and give everyone full access to the share, don't worry ntfs permissions will take care of the rest. Quota Policy is up to you but normally i leave it alone, aplly file screen leave unchecked, leave dfs setings unchecked,  review settings click create and you should be good to go.
Let me know if you need any further clarification.
0
OutsourcedAuthor Commented:
Hi there
is this correct ?
does NTFS "win" over SMB ?
##############
Share
      Share location: d:\topfolder\Microsoft Navision
      NTFS permissions:
            BUILTIN\Administrators = Allow:Full Control (explicit)
            domain\user A = Allow:Full Control (explicit)
            domain\User B = Allow:Full Control (explicit)
      Share over SMB: Microsoft Navision
            Share path: \\server-name\Microsoft Navision
            Description:
            User limit: Maximum allowed
            Offline setting: Selected files and programs available offline
            SMB permissions:
                  Everyone = Allow:Read
0
ConchCrawlCommented:
I would set the smb permissions to everyone=full control. You will have much less trouble. The only other thing i might take out builtin\administrators and put in domain\administrators, this usually works better on an sbs server.
ntfs permissions are separate issues from any share permissions but if you don't allow everyone access over the share and the user is connecting thru the share they will never get a chance to get to the ntfs permissions.
Replace the settings as posted above and you will see what I'm talking about.
0
OutsourcedAuthor Commented:
like this ?

Share
      Share location: d:\topfolder\Microsoft Navision
      NTFS permissions:
            domain\Domain Admins = Allow:Full Control (explicit)
            domain\user A = Allow:Full Control (explicit)
            domain\user B = Allow:Full Control (explicit)
      Share over SMB: Microsoft Navision
            Share path: \\server-name\Microsoft Navision
            Description:
            User limit: Maximum allowed
            Offline setting: Selected files and programs available offline
            SMB permissions:
                  Everyone = Allow:Full Control
0
ConchCrawlCommented:
Looks right to me.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
OutsourcedAuthor Commented:
Great thanks

Ill check the settings in the morning with the 2 users and if it works will i close and award you :)
0
OutsourcedAuthor Commented:
The reply was helpful and 100% right on
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.