Solved

Setting permissions for group to unlock shared files that are locked for editing by another user

Posted on 2010-09-02
16
1,639 Views
Last Modified: 2013-12-04
Does anyone know how to setup a group or permissions for a group (helpdesk) to be able to unlock a shared network file such as a spreadsheet or Access database without being able to login to a server? This would be for, file server(s), Server 2003 Enterprise and Standard SP2 and/or Server 2008 R2 Enterprise and helpdesk users using WinXP and/or Win7.

For instance, there are a group of users that are each able to access a spreadsheet and edit it. One user somehow locks it and nobody can edit it until it is unlocked. Rather than having a Systems Admin unlock it from the file server, is there a way to set permissions to have a helpdesk admin do the unlocking without having to login to the file server? I'd like to be able to apply this to a group policy and just assign the helpdesk this group in Active Directory. Any ideas? Thanks!
0
Comment
Question by:ajhoy26
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 7
16 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 33586969
If you do not want them to login to the file server you can open up a computer management session (local machine) or (MMC) and connect to another computer. From here you will be able to access the files on the server without having to actually login.
0
 
LVL 7

Expert Comment

by:ieden
ID: 33586981
The assignment is not in AD in as much as it is in the security of the directory on the fileserver that keeps the files. "Full Control" is more then enough but that opens your files up to security manipulation by the helpdesk. Modify should be enough but to be sure, grant Full Control and remove change permissions and take ownership
0
 

Author Comment

by:ajhoy26
ID: 33598354
I guess let me try to be a little more clear on what I want...
There are several shared drives on a file server. There are multiple groups that have write/modify access to the multiple shared files on that drive.
The helpdesk keeps getting calls that the files are locked for editing. They in turn have to create a ticket and send them to us in Infrastructure.
What I would really like is to have an application or MMC or something created and rolled out to the Helpdesk group so that they can just login or pull it up and click to unlock the file.
Is that possible? If so how?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 7

Accepted Solution

by:
ieden earned 500 total points
ID: 33598473
Depending on the role of the server, the Help desk needs to be made Administrator equivilent. They would then be able to go into Computer Management, Connect to remote server, Locate the file that is open, Close all connections to the open file. If the File server is a DC, they would need to be assigned Domain Admin privs. If a Standalone Domain Server, they would need to be added to the Local Administrators group on the server. This will give them the required rights to "kick" other users from a file. All Windows users have this "built in" tool. Right click "my Computer" Right Click "Computer Management (Local)" choose connect to another computer... Type NetBIOS name of server click OK, Expand Shared Folders, Click on Open Files, sort by Open File and scroll till the desired file is in view, Select file and right click to choose "close open file".
0
 

Author Comment

by:ajhoy26
ID: 33618207
I've tried going through Computer Managment but it only shows me the local shared drives not the network shared drives. Any ideas?
0
 
LVL 7

Expert Comment

by:ieden
ID: 33618653
Yup, follow the directions above and connect to a remote computer... You can do so by using Computer Management.
1.jpg
2.jpg
0
 

Author Comment

by:ajhoy26
ID: 33619450
I'm sorry, I meant the local drives of the server I'm connecting to...
 
I need to be able to access that S: Drive that's listed under the Network Drives. I have full permissions so that's not it.
 

1.jpg
2.jpg
0
 
LVL 7

Expert Comment

by:ieden
ID: 33620196
Please review.
3.jpg
0
 

Author Comment

by:ajhoy26
ID: 33620273
Right, I've tried that but it's only showing files for drive F. Nothing else.
 

3.jpg
0
 
LVL 7

Expert Comment

by:ieden
ID: 33621356
Are you able to scroll through the open file window and see if other files are "open"? According to the previous screenshots you have provided, the F:\Shared directory has 304 users connected in one way or another.
0
 

Author Comment

by:ajhoy26
ID: 33621458
Yes, I can scroll down... Currently there are 294 users too. It still just shows files located on that one drive. It doesn't allow me to connect to other drives.
0
 
LVL 7

Expert Comment

by:ieden
ID: 33622963
The F:\ drive while connected to the remote computer in Computer Management mmc is their S:\ drive(Shared on \\servername). You will need to see if there is an F:\Shared\*.doc open by some user.
0
 

Author Comment

by:ajhoy26
ID: 33626650
It's not that, I checked that already. The F: Drive on the server shows the same folders as the F: Drive in the MMC and none of the folders on the S: Drive.
0
 
LVL 7

Expert Comment

by:ieden
ID: 33627502
If you can't see the folders there, I can only assume that security is not configured correctly for the account you are using. Unless the account you are using is configured with administrative rights to the server and that account has not been restricted in it's administrative rights to files/folders\shares, you will not see the files. The user needs to be a member of a group with "Adminstrator" privs to the server with the files shared. It is possible that the user may not have enough privs on the share as well. Double check the Share and the Security on the server. It is not enough to have "Administrator" privs on the server if the group is not also "Full Control" both on the share and in the security areas of the files and folders.
1.jpg
2.jpg
3.jpg
4.jpg
5.jpg
0
 

Author Comment

by:ajhoy26
ID: 33627905
Oh man, that was it... Multiple groups with various permission levels. Duh... Thanks!
0
 
LVL 7

Expert Comment

by:ieden
ID: 33628069
NP. Glad to be of help!
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question