Solved

security for folder

Posted on 2011-03-14
5
231 Views
Last Modified: 2012-05-11
I have Windows 2003 ServerStandard and I want to create backup folders for users.  I only want the user and the administrator/user of the server to be able to access this folder.  Under security of the folder how should I set this up?  
0
Comment
Question by:mkramer777
  • 2
  • 2
5 Comments
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 35128738
What is meant by "backup folders"?  Where do the user documents reside now?  All user info should live on the Server, which should be backed up daily to removable media which is cycled out of the building in case of a complete loss of infrastructure.  

However, if what you want is a folder on the server where you can force user documents to be copied from wherever they are now, the easiest way to do this is to create a top level share for each user:  "Joe's Backup", "Sally's Backup", etc and set the share permissions and the NTFS security to allow only the admin and each user to have access to each folder by name.

Nested folders can be done, but it is more difficult to setup and maintain.
0
 

Author Comment

by:mkramer777
ID: 35128876
I don't want to do it with a share I want to do it with security.  Create the folder on the server and right click it and choose sharing and security and then the security tab.  From there I only want the user and the server to be able to access that folder.  How would I do that? Here are screenshots of a folder I created and did nothing with. It shows the groups and usernames that have access.  I want the server to be able to access this folder and subfolders underneath plus this user:  b-eng1
I need help in setting just right.   Thanks. I'm a bit new at this so I might not be wording things exactly right.   Document.doc
0
 
LVL 23

Accepted Solution

by:
ormerodrutter earned 250 total points
ID: 35128927
1 Create sub folders using whatever names you want to call.
2 Under security grant permissino to Administartor (or Administrators) and the particular user(s), giving them FULL access permission.
3 Remove the Everyone group in the ACL list. If it has been greyed out (e.g. not moveable), click the ADvanced button and uncheck the "Allow inheritable permission......" option, then redo 3
0
 

Author Comment

by:mkramer777
ID: 35129364
There is not everyone group in the acl list.  I sent a screen shot.  I would think I would have to remove users group as well.  Still not sure how to do this exactly right.  
0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 35129978
Whether or not you need a share depends on how you want the files to get into the folders, which is why I asked where the user files are now.  Users cannot copy/move anything from their stations, or view anything on the server, that is not shared.  It is with share permissions and NTFS security that you control who has access to what folders and files.

If the users files and folders are already on the server, then I don't understand the need to do this.  You should already be backing up the files and folders, and Shadow Copies will allow the users to restore any changed or deleted files in their folders.  However, as an admin task you can force a copy of user files into non shared folders if the task runs, either manually or scheduled, on the server itself, not accross the network.

Start with the folder, shared or not, remove all share permissions and NTFS security except for the Administrator, go to Advanced and make sure permissions and security are not inherited, then add back the user for his own folder with the appropriate settings.  But if you want the users to access these folders from the network, they will have to be shares.

But,
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question