Solved

Setting permissions for group to unlock shared files that are locked for editing by another user

Posted on 2010-09-02
16
1,530 Views
Last Modified: 2013-12-04
Does anyone know how to setup a group or permissions for a group (helpdesk) to be able to unlock a shared network file such as a spreadsheet or Access database without being able to login to a server? This would be for, file server(s), Server 2003 Enterprise and Standard SP2 and/or Server 2008 R2 Enterprise and helpdesk users using WinXP and/or Win7.

For instance, there are a group of users that are each able to access a spreadsheet and edit it. One user somehow locks it and nobody can edit it until it is unlocked. Rather than having a Systems Admin unlock it from the file server, is there a way to set permissions to have a helpdesk admin do the unlocking without having to login to the file server? I'd like to be able to apply this to a group policy and just assign the helpdesk this group in Active Directory. Any ideas? Thanks!
0
Comment
Question by:ajhoy26
  • 8
  • 7
16 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 33586969
If you do not want them to login to the file server you can open up a computer management session (local machine) or (MMC) and connect to another computer. From here you will be able to access the files on the server without having to actually login.
0
 
LVL 7

Expert Comment

by:ieden
ID: 33586981
The assignment is not in AD in as much as it is in the security of the directory on the fileserver that keeps the files. "Full Control" is more then enough but that opens your files up to security manipulation by the helpdesk. Modify should be enough but to be sure, grant Full Control and remove change permissions and take ownership
0
 

Author Comment

by:ajhoy26
ID: 33598354
I guess let me try to be a little more clear on what I want...
There are several shared drives on a file server. There are multiple groups that have write/modify access to the multiple shared files on that drive.
The helpdesk keeps getting calls that the files are locked for editing. They in turn have to create a ticket and send them to us in Infrastructure.
What I would really like is to have an application or MMC or something created and rolled out to the Helpdesk group so that they can just login or pull it up and click to unlock the file.
Is that possible? If so how?
0
 
LVL 7

Accepted Solution

by:
ieden earned 500 total points
ID: 33598473
Depending on the role of the server, the Help desk needs to be made Administrator equivilent. They would then be able to go into Computer Management, Connect to remote server, Locate the file that is open, Close all connections to the open file. If the File server is a DC, they would need to be assigned Domain Admin privs. If a Standalone Domain Server, they would need to be added to the Local Administrators group on the server. This will give them the required rights to "kick" other users from a file. All Windows users have this "built in" tool. Right click "my Computer" Right Click "Computer Management (Local)" choose connect to another computer... Type NetBIOS name of server click OK, Expand Shared Folders, Click on Open Files, sort by Open File and scroll till the desired file is in view, Select file and right click to choose "close open file".
0
 

Author Comment

by:ajhoy26
ID: 33618207
I've tried going through Computer Managment but it only shows me the local shared drives not the network shared drives. Any ideas?
0
 
LVL 7

Expert Comment

by:ieden
ID: 33618653
Yup, follow the directions above and connect to a remote computer... You can do so by using Computer Management.
1.jpg
2.jpg
0
 

Author Comment

by:ajhoy26
ID: 33619450
I'm sorry, I meant the local drives of the server I'm connecting to...
 
I need to be able to access that S: Drive that's listed under the Network Drives. I have full permissions so that's not it.
 

1.jpg
2.jpg
0
 
LVL 7

Expert Comment

by:ieden
ID: 33620196
Please review.
3.jpg
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:ajhoy26
ID: 33620273
Right, I've tried that but it's only showing files for drive F. Nothing else.
 

3.jpg
0
 
LVL 7

Expert Comment

by:ieden
ID: 33621356
Are you able to scroll through the open file window and see if other files are "open"? According to the previous screenshots you have provided, the F:\Shared directory has 304 users connected in one way or another.
0
 

Author Comment

by:ajhoy26
ID: 33621458
Yes, I can scroll down... Currently there are 294 users too. It still just shows files located on that one drive. It doesn't allow me to connect to other drives.
0
 
LVL 7

Expert Comment

by:ieden
ID: 33622963
The F:\ drive while connected to the remote computer in Computer Management mmc is their S:\ drive(Shared on \\servername). You will need to see if there is an F:\Shared\*.doc open by some user.
0
 

Author Comment

by:ajhoy26
ID: 33626650
It's not that, I checked that already. The F: Drive on the server shows the same folders as the F: Drive in the MMC and none of the folders on the S: Drive.
0
 
LVL 7

Expert Comment

by:ieden
ID: 33627502
If you can't see the folders there, I can only assume that security is not configured correctly for the account you are using. Unless the account you are using is configured with administrative rights to the server and that account has not been restricted in it's administrative rights to files/folders\shares, you will not see the files. The user needs to be a member of a group with "Adminstrator" privs to the server with the files shared. It is possible that the user may not have enough privs on the share as well. Double check the Share and the Security on the server. It is not enough to have "Administrator" privs on the server if the group is not also "Full Control" both on the share and in the security areas of the files and folders.
1.jpg
2.jpg
3.jpg
4.jpg
5.jpg
0
 

Author Comment

by:ajhoy26
ID: 33627905
Oh man, that was it... Multiple groups with various permission levels. Duh... Thanks!
0
 
LVL 7

Expert Comment

by:ieden
ID: 33628069
NP. Glad to be of help!
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
OfficeMate Freezes on login or does not load after login credentials are input.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now