Link to home
Create AccountLog in
Avatar of kurajesh
kurajesh

asked on

Windows 2003 folder permission

i have an MIS Repotr folder in my windows 2003 server and theat folder should be accessed by only one group called MIS GROUP WHICH I HAVE ALREADY in my active directory users.

how can i set the permission fol this folder called MIS reports so that only mis users can access and rest all cannot access at all please help me
Avatar of x3man
x3man

Give the MIS group the required permissions e.g. read write etc. and remove all other groups.
Avatar of Muhammad Farjad Arshad
right click on that folder now from sharing tab press add button and select the mis user group and give the appropriate permissions and now move on to the security tab and select mis user group and give appropiate permission and also don't forget to remove "Everyone" group from security and shairing tab.

also check following

http://support.microsoft.com/kb/304040
http://support.microsoft.com/kb/307874
http://www.home-network-help.com/share-file.html
Check the properties on the folder.Click Security Tab > Advanced > Owner > Edit. Set MIS group as owners of the folder. Remove other users from the security/permissions list.
You will need to set the correct share and ntfs permissions. See http://www.mcmcse.com/microsoft/guides/ntfs_and_share_permissions.shtml
This should help explain the various permissions and what they mean.

here is how to set the permissions: http://helpdeskgeek.com/networking/configuring-ntfs-shared-permissions-on-windows-2003/

To remove the everyone group from the ntfs permissions you may need to select the advanced menu in the security tab (in folder properties) and deselect "inherit from parent ....". Apply the current settings and then remove the everyone group.
1-right click to folder and click share- remove everyone permission than add user or group you want to open this folder .
2- select security tab  click advance -un-check ALLOW Inheritable permission  click copy and apply after that remove unwanted user like everyone and add MIS user dont forget adding administrator.
Avatar of kurajesh

ASKER

i have right clicked the folder and went to sharing , permission, add mis group and give allow full control and in security added the same group with full control. in security i can see the other names as default
such as

iis_wpg - read exec,list folder, read
interactive-list folder
internet guest acct-list folder

and iam attaching the prnscreen
i then checked the page still it is not allowing
Log off the MIS user after setting permissions, log back on and test.
do i need to restart the domain controller as this group is an active directory group
No.
also when the permission applies logoff and login the user
Right click on folder and select sharing then go to the permission tab and remove all the groups and add mis group. then add administrator group if you want to access it as a administrator or if u r not a member of mis group. give them full control

then go to the security tab and do the same again remove all other groups and user and ad mis group and give them full control.

it will definetly solved ur problem
right now i have removed all users and added mis group and administrators to have full control and from my system i have typed the weblink to hat report and it asked for the username and password , i have given domain\username and password still it is not coming
You will likely need to configure Integrated Windows Authentication in IIS: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/b2657856-7e5c-45c7-a97b-89db66dca248.mspx?mfr=true
This will use the credentials already used to logon the windows session (ie. you shouldn't need to re-enter credentials - it will use the username and password of the currently logged on user)
yes it is iis webserver , so how can i set this permission, can u please explain the steps
To configure Integrated Windows authentication

1.In IIS Manager, double-click the local computer; right-click the Web Sites folder, an individual Web site folder, a virtual directory, or a file; and then click Properties.

Note:Configuration settings made at the Web Sites level are inherited by all of the Web sites on the server. You can override inheritance by configuring the individual site or site element.

1.Click the Directory Security or File Security tab, and then, in the Authentication and access control section, click Edit.

2.In the Authenticated access section, select the Windows Integrated Authentication check box.

3.Click OK twice.
i have done this and just for reference iam attahcing the prnscreens

please check the same
page1.png
page2.png
page4.png
page5.png
page6.png
iam still having the same issue
All looks ok, except you should uncheck Enable Anonymous Access (as long as this is only applied to the MIS reports folder - not the entire website. (right click the MIS reports folder and go to properties>Directory Security etc and apply settings there).
i have unchecked the same in mis reports folder and then tried in my system but still iam not able to login even with any mis user
Check IE settings (you are using IE?). Tools>Internet Options>Security tab>Select Local Intranet and make sure automatically detect intranet is enabled OR that the intranet has been added to the list of sites. Go back to Security tab and select Custom Level. Scroll down to bottom and make sure that automatic login in intranet zone is checked.
setting for IE are ok,  just let meknow if the permissions and security for this foilder are ok

local administrator, domain administrator and mis users are given full control
iis_wpg-read&exec,list and read
interactive - read
internet guest accounbt - list
network - list
network service - list
users(servername\users) - read&exec,list and read

in the advanced owner tab the screen is like this

have i missed any option

the objective is only mis users shud access this folder and rest all shoiuld not, please revert back
owner.png
I would remove the internet guest account and the users(servername\users) groups. I don't know what the interactive group is? You may need to remove that?
You also will need to add the MIS group on there as well with whatever permissions you want to give them. Make sure you have disabled Anonymous access for this folder and are using Windows Integrated Authentication as I described before.
When you have finished check that members of the MIS group can access the folder and other users can not access the folder (apart from those that you also want to access the folder ie Administrators).
i removed that both internet and users and mis group is well there, anonymous access is disabled and windows intergrated is enabled.

do i need to do anything on owner tab under advanced in security
i was just trying to add everyone in permission  with full control and in secutiry also the same

but still no user are able to login , it is again asking the usermae and password
any luck
Check that you're not using a proxy for the intranet site. (Windows Integrated Authentication is generally stopped by proxies)

   1. On the Tools menu in Internet Explorer, click Internet Options, click the Connections tab, and then click LAN Settings.
   2. Under Proxy server, is Use a proxy server for your LAN check box ticked?
If it is then:
   1. click to select the Bypass proxy server for local addresses check box.
   2. Click Advanced and under Exceptions add the name of the web server e.g. servername.domainname.com (replace as necessary)
there is no proxy at all, and i removed the everyone which i added now from permission and security tabs, i then access like
\\servername - it listed the shared folder and from there iam able to see all files under that foder

do i need to set anything in "websharing" option
right now c:\inetpub\wwwroot\sharedfolder - propoerties - websharing it is
share on - default web site and do not share this folder

Is the MIS folder within a working intranet site? If so you should be able to access it using a URL in IE. For example by entering http://intranet/foldername/foldername/filename etc. in the address bar.
i again checked the iis in server and under websites when i clicked on any option under that site it says asin the screen
you have been denied access to this machine

kindlu check and revert back
ERROR.png
Are you logged on with an account that is a member of the local administrators group?
I have typed the ip address with the port number in my system and it asked for the username and password then I have given as domainnameusername and password but still not loggoing
 
is it possible to connect via remote to this server in order to verify. Because this is our production mis reports and now users are not able to access
Log on to the webserver locally (ie. at the machine) with a local admin account.

Did you change the permissions and disable anonymous access ONLY for the MIS reports folder as I described above - NOT the entire website?

"Because this is our production mis reports and now users are not able to access" - I thought that you didn't want all users to be able to access the MIS folder? Only members of MIS group. Or do you mean that they can't access any of the other folders - in which case check that you haven't changed the permissions and disabled anonymous access for other folders in the website. You may need to change these back to how they were as you are only interested in changing the permissions on the MIS folder.
I noticed your last post you are trying to access a different website (Al Aqili) instead of the default website where the MIS folder is. Why? You should only be changing the permissions on the MIS folder.

Do you want ONLY the MIS users to be able to access the folder in a browser? If yes then you need to configure the appropriate permissions on the folder and disable anonymous access as described above.

Do you want ONLY the MIS users to be able to access the folder as a normal shared folder (using windows explorer - NOT Internet Explorer). In which case then you should configure the appropriate ntfs AND share permissions as I explained in my second post.
Iam sorry in fact in my IIS there are two foiders for MIS and our actual reference is the second one. I think I have been mentioning the first one sorry it is the second one whilch I meant.what we need is only users in mis groupshould access and others not.  
please note that iam able to login through domain\administrator and password but not with any other users including mis users
i have done some changes which gives this result

what could be done
as i wrote iam able to login as domain adminustrator and access the page.
when i try any mis users it repeteadly asks for the username and password
iam once again ataching the updated files User generated imagepage2.jpg.bmp
page3.jpeg.bmp
ASKER CERTIFIED SOLUTION
Avatar of x3man
x3man

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
iam not able to figure out the issue in this case, i have restarted both my dc and this server , now if i type the weblink it is asking for username and password it is allowing all but with the login screen appearing ,  iwanted to remove all the sharing and start from the first step , could you pls help me,
as advised by x3man it was actually the ntfs permission issue. in fact my deny permission was precedence over allow permission, i then gave the pemission to MIS users the proper ntfs permission , it is ok now , thanks a lot