• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 258
  • Last Modified:

Mac users have access to all mac shares on Windows Server 2003

We are running a Windows Server 2003 domain with active directory. We have a mixture of windows and mac based users accessing shares on the server. Through AD, we have assigned access rights to users to certain files and areas and this is working without issue. The problem that we have is when we create a file share to allow mac users to connect the the server, these same access rights do not carry over, basically all mac users can see all mac shared files and i cannot work out how to limit this. Any help would be greatly appreciated.
Hope i have explained this well enough. Thanks
0
mhannan13
Asked:
mhannan13
  • 5
  • 4
1 Solution
 
KaffiendCommented:
What exactly do you mean by "all mac users can see all mac shared files" ?  

And how are the MAC-based users connecting to the server (by using smb I hope) ?


Control access by using Windows ACLs.  
(MAC-based users can function just fine in a Windows AD environment, as long as they access Windows file shares using their AD credentials)
0
 
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
If you are sharing files over AFP(services for Macintosh) for Mac users, the permissions will differ.  Disable SFM and make your user connect via SMB.
0
 
mhannan13Author Commented:
mac users are connecting via smb.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell┬« is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
KaffiendCommented:
Since mac-based users connect through smb, I would suggest you check the permissions structure of the shared folders for clues as to why users seem to have more access rights than desired.
(In other words, from what I can see so far, it is probably not a Mac-specific issue)

Look especially at inherited permissions, perhaps.
0
 
mhannan13Author Commented:
Kaffiend, ill check permissions but i can guarantee that permissions on folders are set correctly for pc based users, no issues with access or deny.
0
 
KaffiendCommented:
If you log on to a PC, using a MAC user's AD credentials, do you still have the same problem where this user can access more than is desired?
0
 
mhannan13Author Commented:
no. it works perfectly, only access to what they should have.
0
 
KaffiendCommented:
Cool, thanks for trying that.  So we can rule out Windows permissions as the problem.

Maybe at some point, admin-level credentials were used to access the folders in question, and these got saved in the MAC's keychain?
0
 
mhannan13Author Commented:
thats an idea, what would i look for? will not be on location again until early next week so i cannot check this now. Thanks for the continued advice.
0
 
KaffiendCommented:
Utilities > Keychain Access
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now