Setting permissions for group to unlock shared files that are locked for editing by another user

Does anyone know how to setup a group or permissions for a group (helpdesk) to be able to unlock a shared network file such as a spreadsheet or Access database without being able to login to a server? This would be for, file server(s), Server 2003 Enterprise and Standard SP2 and/or Server 2008 R2 Enterprise and helpdesk users using WinXP and/or Win7.

For instance, there are a group of users that are each able to access a spreadsheet and edit it. One user somehow locks it and nobody can edit it until it is unlocked. Rather than having a Systems Admin unlock it from the file server, is there a way to set permissions to have a helpdesk admin do the unlocking without having to login to the file server? I'd like to be able to apply this to a group policy and just assign the helpdesk this group in Active Directory. Any ideas? Thanks!
ajhoy26Asked:
Who is Participating?
 
iedenConnect With a Mentor Commented:
Depending on the role of the server, the Help desk needs to be made Administrator equivilent. They would then be able to go into Computer Management, Connect to remote server, Locate the file that is open, Close all connections to the open file. If the File server is a DC, they would need to be assigned Domain Admin privs. If a Standalone Domain Server, they would need to be added to the Local Administrators group on the server. This will give them the required rights to "kick" other users from a file. All Windows users have this "built in" tool. Right click "my Computer" Right Click "Computer Management (Local)" choose connect to another computer... Type NetBIOS name of server click OK, Expand Shared Folders, Click on Open Files, sort by Open File and scroll till the desired file is in view, Select file and right click to choose "close open file".
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
If you do not want them to login to the file server you can open up a computer management session (local machine) or (MMC) and connect to another computer. From here you will be able to access the files on the server without having to actually login.
0
 
iedenCommented:
The assignment is not in AD in as much as it is in the security of the directory on the fileserver that keeps the files. "Full Control" is more then enough but that opens your files up to security manipulation by the helpdesk. Modify should be enough but to be sure, grant Full Control and remove change permissions and take ownership
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
ajhoy26Author Commented:
I guess let me try to be a little more clear on what I want...
There are several shared drives on a file server. There are multiple groups that have write/modify access to the multiple shared files on that drive.
The helpdesk keeps getting calls that the files are locked for editing. They in turn have to create a ticket and send them to us in Infrastructure.
What I would really like is to have an application or MMC or something created and rolled out to the Helpdesk group so that they can just login or pull it up and click to unlock the file.
Is that possible? If so how?
0
 
ajhoy26Author Commented:
I've tried going through Computer Managment but it only shows me the local shared drives not the network shared drives. Any ideas?
0
 
iedenCommented:
Yup, follow the directions above and connect to a remote computer... You can do so by using Computer Management.
1.jpg
2.jpg
0
 
ajhoy26Author Commented:
I'm sorry, I meant the local drives of the server I'm connecting to...
 
I need to be able to access that S: Drive that's listed under the Network Drives. I have full permissions so that's not it.
 

1.jpg
2.jpg
0
 
iedenCommented:
Please review.
3.jpg
0
 
ajhoy26Author Commented:
Right, I've tried that but it's only showing files for drive F. Nothing else.
 

3.jpg
0
 
iedenCommented:
Are you able to scroll through the open file window and see if other files are "open"? According to the previous screenshots you have provided, the F:\Shared directory has 304 users connected in one way or another.
0
 
ajhoy26Author Commented:
Yes, I can scroll down... Currently there are 294 users too. It still just shows files located on that one drive. It doesn't allow me to connect to other drives.
0
 
iedenCommented:
The F:\ drive while connected to the remote computer in Computer Management mmc is their S:\ drive(Shared on \\servername). You will need to see if there is an F:\Shared\*.doc open by some user.
0
 
ajhoy26Author Commented:
It's not that, I checked that already. The F: Drive on the server shows the same folders as the F: Drive in the MMC and none of the folders on the S: Drive.
0
 
iedenCommented:
If you can't see the folders there, I can only assume that security is not configured correctly for the account you are using. Unless the account you are using is configured with administrative rights to the server and that account has not been restricted in it's administrative rights to files/folders\shares, you will not see the files. The user needs to be a member of a group with "Adminstrator" privs to the server with the files shared. It is possible that the user may not have enough privs on the share as well. Double check the Share and the Security on the server. It is not enough to have "Administrator" privs on the server if the group is not also "Full Control" both on the share and in the security areas of the files and folders.
1.jpg
2.jpg
3.jpg
4.jpg
5.jpg
0
 
ajhoy26Author Commented:
Oh man, that was it... Multiple groups with various permission levels. Duh... Thanks!
0
 
iedenCommented:
NP. Glad to be of help!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.