?
Solved

Setting up restricted folders in Win 2008 Server

Posted on 2010-08-19
5
Medium Priority
?
605 Views
Last Modified: 2013-12-04
Folks,

I have a generic share on Win2008 server where all users save documents that they would like backed up every night. In one of the folders on that share, I would like to restrict it so that only 3 users have the ability to see/change any of the items in that folder (HR stuff).

How do I set this up? I thought it should be obvious, but there is sharing AND security, and the security seems to not let me revoke permissions to the whole AD user group ("Users") and grant permissions to the 3 who need access to it.

In other words:

G drive is shared with all authenticated AD users.
    inside the G drive, I have a Human Resources folder. I only want the HR director, the owner, and the admin to have access to this folder.

How do I do this?

Thanks!

Brian
0
Comment
Question by:tinklerb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 33477889
For simplicity's sake it may be better to set up a new directory ( not inside the one you have ) and do permission from scratch, as well as have your backup system make sure it is backed up seperately.

Other option is to turn off inherited permissions and do it inside the present share


0
 
LVL 42

Accepted Solution

by:
Adam Brown earned 1000 total points
ID: 33477908
Right click on the folder and select properties. Click the security tab, then click advanced. Click change permissions, then remove the check mark from the "Include inheritable permissions from this object's parent" box. Click apply. A box will come up telling you if you proceed that inheritable permissions will no longer propagate. Click the Remove button and that will clear all the inherited permissions on the folder. Once that's done, add the users/groups that you want to allow access to the folder. Do not list the groups that you don't want to have access, and do not use Deny permissions on any groups that the users you want to have access to the folder belong to. Deny permissions will over-ride any allow permissions you have in place.
0
 
LVL 6

Expert Comment

by:nettek0300
ID: 33478070
In addition to the above, if you are using a shared folder, you need to verify that everyone has read/write access to the share.  By default, users will only have read access which will deny them access to actually put a file in the shared folder.  The most restrictive permission wins.  I usually give everyone full control in the share permissions and then restrict it with the NTFS permissions (security tab).
0
 
LVL 42

Expert Comment

by:Adam Brown
ID: 33478098
The recommended best practice is to set Share permissions so the Authenticated Users Group (And Domain Computers, if computer accounts need access to the share) has full access to the share. There are some security concerns with setting share permissions to allow Everyone.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question