Solved

Setting up restricted folders in Win 2008 Server

Posted on 2010-08-19
5
598 Views
Last Modified: 2013-12-04
Folks,

I have a generic share on Win2008 server where all users save documents that they would like backed up every night. In one of the folders on that share, I would like to restrict it so that only 3 users have the ability to see/change any of the items in that folder (HR stuff).

How do I set this up? I thought it should be obvious, but there is sharing AND security, and the security seems to not let me revoke permissions to the whole AD user group ("Users") and grant permissions to the 3 who need access to it.

In other words:

G drive is shared with all authenticated AD users.
    inside the G drive, I have a Human Resources folder. I only want the HR director, the owner, and the admin to have access to this folder.

How do I do this?

Thanks!

Brian
0
Comment
Question by:tinklerb
  • 2
5 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 33477889
For simplicity's sake it may be better to set up a new directory ( not inside the one you have ) and do permission from scratch, as well as have your backup system make sure it is backed up seperately.

Other option is to turn off inherited permissions and do it inside the present share


0
 
LVL 38

Accepted Solution

by:
Adam Brown earned 250 total points
ID: 33477908
Right click on the folder and select properties. Click the security tab, then click advanced. Click change permissions, then remove the check mark from the "Include inheritable permissions from this object's parent" box. Click apply. A box will come up telling you if you proceed that inheritable permissions will no longer propagate. Click the Remove button and that will clear all the inherited permissions on the folder. Once that's done, add the users/groups that you want to allow access to the folder. Do not list the groups that you don't want to have access, and do not use Deny permissions on any groups that the users you want to have access to the folder belong to. Deny permissions will over-ride any allow permissions you have in place.
0
 
LVL 6

Expert Comment

by:nettek0300
ID: 33478070
In addition to the above, if you are using a shared folder, you need to verify that everyone has read/write access to the share.  By default, users will only have read access which will deny them access to actually put a file in the shared folder.  The most restrictive permission wins.  I usually give everyone full control in the share permissions and then restrict it with the NTFS permissions (security tab).
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 33478098
The recommended best practice is to set Share permissions so the Authenticated Users Group (And Domain Computers, if computer accounts need access to the share) has full access to the share. There are some security concerns with setting share permissions to allow Everyone.
0

Join & Write a Comment

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now