Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Setting up restricted folders in Win 2008 Server

Posted on 2010-08-19
5
Medium Priority
?
607 Views
Last Modified: 2013-12-04
Folks,

I have a generic share on Win2008 server where all users save documents that they would like backed up every night. In one of the folders on that share, I would like to restrict it so that only 3 users have the ability to see/change any of the items in that folder (HR stuff).

How do I set this up? I thought it should be obvious, but there is sharing AND security, and the security seems to not let me revoke permissions to the whole AD user group ("Users") and grant permissions to the 3 who need access to it.

In other words:

G drive is shared with all authenticated AD users.
    inside the G drive, I have a Human Resources folder. I only want the HR director, the owner, and the admin to have access to this folder.

How do I do this?

Thanks!

Brian
0
Comment
Question by:tinklerb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 33477889
For simplicity's sake it may be better to set up a new directory ( not inside the one you have ) and do permission from scratch, as well as have your backup system make sure it is backed up seperately.

Other option is to turn off inherited permissions and do it inside the present share


0
 
LVL 43

Accepted Solution

by:
Adam Brown earned 1000 total points
ID: 33477908
Right click on the folder and select properties. Click the security tab, then click advanced. Click change permissions, then remove the check mark from the "Include inheritable permissions from this object's parent" box. Click apply. A box will come up telling you if you proceed that inheritable permissions will no longer propagate. Click the Remove button and that will clear all the inherited permissions on the folder. Once that's done, add the users/groups that you want to allow access to the folder. Do not list the groups that you don't want to have access, and do not use Deny permissions on any groups that the users you want to have access to the folder belong to. Deny permissions will over-ride any allow permissions you have in place.
0
 
LVL 6

Expert Comment

by:nettek0300
ID: 33478070
In addition to the above, if you are using a shared folder, you need to verify that everyone has read/write access to the share.  By default, users will only have read access which will deny them access to actually put a file in the shared folder.  The most restrictive permission wins.  I usually give everyone full control in the share permissions and then restrict it with the NTFS permissions (security tab).
0
 
LVL 43

Expert Comment

by:Adam Brown
ID: 33478098
The recommended best practice is to set Share permissions so the Authenticated Users Group (And Domain Computers, if computer accounts need access to the share) has full access to the share. There are some security concerns with setting share permissions to allow Everyone.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question