Solved

Mac users have access to all mac shares on Windows Server 2003

Posted on 2011-03-08
10
236 Views
Last Modified: 2012-05-11
We are running a Windows Server 2003 domain with active directory. We have a mixture of windows and mac based users accessing shares on the server. Through AD, we have assigned access rights to users to certain files and areas and this is working without issue. The problem that we have is when we create a file share to allow mac users to connect the the server, these same access rights do not carry over, basically all mac users can see all mac shared files and i cannot work out how to limit this. Any help would be greatly appreciated.
Hope i have explained this well enough. Thanks
0
Comment
Question by:mhannan13
  • 5
  • 4
10 Comments
 
LVL 14

Expert Comment

by:Kaffiend
ID: 35080292
What exactly do you mean by "all mac users can see all mac shared files" ?  

And how are the MAC-based users connecting to the server (by using smb I hope) ?


Control access by using Windows ACLs.  
(MAC-based users can function just fine in a Windows AD environment, as long as they access Windows file shares using their AD credentials)
0
 
LVL 32

Accepted Solution

by:
nappy_d earned 500 total points
ID: 35081842
If you are sharing files over AFP(services for Macintosh) for Mac users, the permissions will differ.  Disable SFM and make your user connect via SMB.
0
 

Author Comment

by:mhannan13
ID: 35086305
mac users are connecting via smb.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 14

Expert Comment

by:Kaffiend
ID: 35086539
Since mac-based users connect through smb, I would suggest you check the permissions structure of the shared folders for clues as to why users seem to have more access rights than desired.
(In other words, from what I can see so far, it is probably not a Mac-specific issue)

Look especially at inherited permissions, perhaps.
0
 

Author Comment

by:mhannan13
ID: 35098022
Kaffiend, ill check permissions but i can guarantee that permissions on folders are set correctly for pc based users, no issues with access or deny.
0
 
LVL 14

Expert Comment

by:Kaffiend
ID: 35098706
If you log on to a PC, using a MAC user's AD credentials, do you still have the same problem where this user can access more than is desired?
0
 

Author Comment

by:mhannan13
ID: 35099903
no. it works perfectly, only access to what they should have.
0
 
LVL 14

Expert Comment

by:Kaffiend
ID: 35100811
Cool, thanks for trying that.  So we can rule out Windows permissions as the problem.

Maybe at some point, admin-level credentials were used to access the folders in question, and these got saved in the MAC's keychain?
0
 

Author Comment

by:mhannan13
ID: 35100893
thats an idea, what would i look for? will not be on location again until early next week so i cannot check this now. Thanks for the continued advice.
0
 
LVL 14

Expert Comment

by:Kaffiend
ID: 35101044
Utilities > Keychain Access
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DHCP lease duration / Migration 8 53
domain controllers numbers 4 76
OneDrive for Business:  Redirected Folder or Network Drive natively? 3 54
Domain Controller FSMO 7 39
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question