Solved

Windows 2003 folder permission

Posted on 2010-11-11
44
365 Views
Last Modified: 2012-05-10
i have an MIS Repotr folder in my windows 2003 server and theat folder should be accessed by only one group called MIS GROUP WHICH I HAVE ALREADY in my active directory users.

how can i set the permission fol this folder called MIS reports so that only mis users can access and rest all cannot access at all please help me
0
Comment
Question by:kurajesh
  • 22
  • 16
  • 3
  • +3
44 Comments
 
LVL 9

Expert Comment

by:x3man
ID: 34109986
Give the MIS group the required permissions e.g. read write etc. and remove all other groups.
0
 
LVL 11

Expert Comment

by:farjadarshad
ID: 34109987
right click on that folder now from sharing tab press add button and select the mis user group and give the appropriate permissions and now move on to the security tab and select mis user group and give appropiate permission and also don't forget to remove "Everyone" group from security and shairing tab.

also check following

http://support.microsoft.com/kb/304040
http://support.microsoft.com/kb/307874
http://www.home-network-help.com/share-file.html
0
 
LVL 1

Expert Comment

by:CyberDave1
ID: 34109996
Check the properties on the folder.Click Security Tab > Advanced > Owner > Edit. Set MIS group as owners of the folder. Remove other users from the security/permissions list.
0
 
LVL 9

Expert Comment

by:x3man
ID: 34110011
You will need to set the correct share and ntfs permissions. See http://www.mcmcse.com/microsoft/guides/ntfs_and_share_permissions.shtml
This should help explain the various permissions and what they mean.

here is how to set the permissions: http://helpdeskgeek.com/networking/configuring-ntfs-shared-permissions-on-windows-2003/

To remove the everyone group from the ntfs permissions you may need to select the advanced menu in the security tab (in folder properties) and deselect "inherit from parent ....". Apply the current settings and then remove the everyone group.
0
 

Expert Comment

by:rifairoastery
ID: 34110045
1-right click to folder and click share- remove everyone permission than add user or group you want to open this folder .
2- select security tab  click advance -un-check ALLOW Inheritable permission  click copy and apply after that remove unwanted user like everyone and add MIS user dont forget adding administrator.
0
 
LVL 1

Author Comment

by:kurajesh
ID: 34110063
i have right clicked the folder and went to sharing , permission, add mis group and give allow full control and in security added the same group with full control. in security i can see the other names as default
such as

iis_wpg - read exec,list folder, read
interactive-list folder
internet guest acct-list folder

and iam attaching the prnscreen
0
 
LVL 1

Author Comment

by:kurajesh
ID: 34110070
i then checked the page still it is not allowing
0
 
LVL 9

Expert Comment

by:x3man
ID: 34110142
Log off the MIS user after setting permissions, log back on and test.
0
 
LVL 1

Author Comment

by:kurajesh
ID: 34110151
do i need to restart the domain controller as this group is an active directory group
0
 
LVL 9

Expert Comment

by:x3man
ID: 34110156
No.
0
 
LVL 11

Expert Comment

by:farjadarshad
ID: 34110158
0
 
LVL 11

Expert Comment

by:farjadarshad
ID: 34110163
also when the permission applies logoff and login the user
0
 
LVL 3

Expert Comment

by:Sainyam Aggarwal
ID: 34110168
Right click on folder and select sharing then go to the permission tab and remove all the groups and add mis group. then add administrator group if you want to access it as a administrator or if u r not a member of mis group. give them full control

then go to the security tab and do the same again remove all other groups and user and ad mis group and give them full control.

it will definetly solved ur problem
0
 
LVL 1

Author Comment

by:kurajesh
ID: 34111033
right now i have removed all users and added mis group and administrators to have full control and from my system i have typed the weblink to hat report and it asked for the username and password , i have given domain\username and password still it is not coming
0
 
LVL 9

Expert Comment

by:x3man
ID: 34111084
0
 
LVL 9

Expert Comment

by:x3man
ID: 34111128
You will likely need to configure Integrated Windows Authentication in IIS: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/b2657856-7e5c-45c7-a97b-89db66dca248.mspx?mfr=true
This will use the credentials already used to logon the windows session (ie. you shouldn't need to re-enter credentials - it will use the username and password of the currently logged on user)
0
 
LVL 1

Author Comment

by:kurajesh
ID: 34111172
yes it is iis webserver , so how can i set this permission, can u please explain the steps
0
 
LVL 9

Expert Comment

by:x3man
ID: 34111228
To configure Integrated Windows authentication

1.In IIS Manager, double-click the local computer; right-click the Web Sites folder, an individual Web site folder, a virtual directory, or a file; and then click Properties.

Note:Configuration settings made at the Web Sites level are inherited by all of the Web sites on the server. You can override inheritance by configuring the individual site or site element.

1.Click the Directory Security or File Security tab, and then, in the Authentication and access control section, click Edit.

2.In the Authenticated access section, select the Windows Integrated Authentication check box.

3.Click OK twice.
0
 
LVL 1

Author Comment

by:kurajesh
ID: 34111341
i have done this and just for reference iam attahcing the prnscreens

please check the same
page1.png
page2.png
page4.png
page5.png
page6.png
0
 
LVL 1

Author Comment

by:kurajesh
ID: 34111382
iam still having the same issue
0
 
LVL 9

Expert Comment

by:x3man
ID: 34111425
All looks ok, except you should uncheck Enable Anonymous Access (as long as this is only applied to the MIS reports folder - not the entire website. (right click the MIS reports folder and go to properties>Directory Security etc and apply settings there).
0
 
LVL 1

Author Comment

by:kurajesh
ID: 34111474
i have unchecked the same in mis reports folder and then tried in my system but still iam not able to login even with any mis user
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 9

Expert Comment

by:x3man
ID: 34111475
Check IE settings (you are using IE?). Tools>Internet Options>Security tab>Select Local Intranet and make sure automatically detect intranet is enabled OR that the intranet has been added to the list of sites. Go back to Security tab and select Custom Level. Scroll down to bottom and make sure that automatic login in intranet zone is checked.
0
 
LVL 1

Author Comment

by:kurajesh
ID: 34111593
setting for IE are ok,  just let meknow if the permissions and security for this foilder are ok

local administrator, domain administrator and mis users are given full control
iis_wpg-read&exec,list and read
interactive - read
internet guest accounbt - list
network - list
network service - list
users(servername\users) - read&exec,list and read

in the advanced owner tab the screen is like this

have i missed any option

the objective is only mis users shud access this folder and rest all shoiuld not, please revert back
owner.png
0
 
LVL 9

Expert Comment

by:x3man
ID: 34111766
I would remove the internet guest account and the users(servername\users) groups. I don't know what the interactive group is? You may need to remove that?
You also will need to add the MIS group on there as well with whatever permissions you want to give them. Make sure you have disabled Anonymous access for this folder and are using Windows Integrated Authentication as I described before.
When you have finished check that members of the MIS group can access the folder and other users can not access the folder (apart from those that you also want to access the folder ie Administrators).
0
 
LVL 1

Author Comment

by:kurajesh
ID: 34111885
i removed that both internet and users and mis group is well there, anonymous access is disabled and windows intergrated is enabled.

do i need to do anything on owner tab under advanced in security
0
 
LVL 1

Author Comment

by:kurajesh
ID: 34111944
i was just trying to add everyone in permission  with full control and in secutiry also the same

but still no user are able to login , it is again asking the usermae and password
0
 
LVL 1

Author Comment

by:kurajesh
ID: 34112051
any luck
0
 
LVL 9

Expert Comment

by:x3man
ID: 34112088
Check that you're not using a proxy for the intranet site. (Windows Integrated Authentication is generally stopped by proxies)

   1. On the Tools menu in Internet Explorer, click Internet Options, click the Connections tab, and then click LAN Settings.
   2. Under Proxy server, is Use a proxy server for your LAN check box ticked?
If it is then:
   1. click to select the Bypass proxy server for local addresses check box.
   2. Click Advanced and under Exceptions add the name of the web server e.g. servername.domainname.com (replace as necessary)
0
 
LVL 1

Author Comment

by:kurajesh
ID: 34112133
there is no proxy at all, and i removed the everyone which i added now from permission and security tabs, i then access like
\\servername - it listed the shared folder and from there iam able to see all files under that foder

0
 
LVL 1

Author Comment

by:kurajesh
ID: 34112188
do i need to set anything in "websharing" option
right now c:\inetpub\wwwroot\sharedfolder - propoerties - websharing it is
share on - default web site and do not share this folder

0
 
LVL 9

Expert Comment

by:x3man
ID: 34112336
Is the MIS folder within a working intranet site? If so you should be able to access it using a URL in IE. For example by entering http://intranet/foldername/foldername/filename etc. in the address bar.
0
 
LVL 1

Author Comment

by:kurajesh
ID: 34112574
i again checked the iis in server and under websites when i clicked on any option under that site it says asin the screen
you have been denied access to this machine

kindlu check and revert back
ERROR.png
0
 
LVL 9

Expert Comment

by:x3man
ID: 34113318
Are you logged on with an account that is a member of the local administrators group?
0
 
LVL 1

Author Comment

by:kurajesh
ID: 34113587
I have typed the ip address with the port number in my system and it asked for the username and password then I have given as domainnameusername and password but still not loggoing
 
0
 
LVL 1

Author Comment

by:kurajesh
ID: 34117317
is it possible to connect via remote to this server in order to verify. Because this is our production mis reports and now users are not able to access
0
 
LVL 9

Expert Comment

by:x3man
ID: 34119361
Log on to the webserver locally (ie. at the machine) with a local admin account.

Did you change the permissions and disable anonymous access ONLY for the MIS reports folder as I described above - NOT the entire website?

"Because this is our production mis reports and now users are not able to access" - I thought that you didn't want all users to be able to access the MIS folder? Only members of MIS group. Or do you mean that they can't access any of the other folders - in which case check that you haven't changed the permissions and disabled anonymous access for other folders in the website. You may need to change these back to how they were as you are only interested in changing the permissions on the MIS folder.
0
 
LVL 9

Expert Comment

by:x3man
ID: 34119423
I noticed your last post you are trying to access a different website (Al Aqili) instead of the default website where the MIS folder is. Why? You should only be changing the permissions on the MIS folder.

Do you want ONLY the MIS users to be able to access the folder in a browser? If yes then you need to configure the appropriate permissions on the folder and disable anonymous access as described above.

Do you want ONLY the MIS users to be able to access the folder as a normal shared folder (using windows explorer - NOT Internet Explorer). In which case then you should configure the appropriate ntfs AND share permissions as I explained in my second post.
0
 
LVL 1

Author Comment

by:kurajesh
ID: 34119923
Iam sorry in fact in my IIS there are two foiders for MIS and our actual reference is the second one. I think I have been mentioning the first one sorry it is the second one whilch I meant.what we need is only users in mis groupshould access and others not.  
0
 
LVL 1

Author Comment

by:kurajesh
ID: 34120584
please note that iam able to login through domain\administrator and password but not with any other users including mis users
i have done some changes which gives this result

what could be done
0
 
LVL 1

Author Comment

by:kurajesh
ID: 34121218
as i wrote iam able to login as domain adminustrator and access the page.
when i try any mis users it repeteadly asks for the username and password
iam once again ataching the updated files screen1page2.jpg.bmp
page3.jpeg.bmp
0
 
LVL 9

Accepted Solution

by:
x3man earned 500 total points
ID: 34122077
To sum up what needs to be done to allow browser access to MIS folder for MIS group members and admins only:

On the MIS Folder ONLY:
- Set appropriate ntfs permissions e.g.admins and MIS group (you can also add any other groups you require to access the folder)
- Disable Anonymous Access
- Configure Integrated Windows authentication

As long as the clients are able to contact the webserver and there are no proxies between client and webserver they should be able to connect using the appropriate URL.


0
 
LVL 1

Author Comment

by:kurajesh
ID: 34126399
iam not able to figure out the issue in this case, i have restarted both my dc and this server , now if i type the weblink it is asking for username and password it is allowing all but with the login screen appearing ,  iwanted to remove all the sharing and start from the first step , could you pls help me,
0
 
LVL 1

Author Closing Comment

by:kurajesh
ID: 34161976
as advised by x3man it was actually the ntfs permission issue. in fact my deny permission was precedence over allow permission, i then gave the pemission to MIS users the proper ntfs permission , it is ok now , thanks a lot
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now