[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Windows Server 2008 Folder Permission

Posted on 2011-05-04
18
Medium Priority
?
388 Views
Last Modified: 2012-08-13
Hi,
I created a shared folder A and created several subfolders for different department. I would like users only can access to their own department  folder. I went ahead created groups first ( I tried both Security and Distribution) and I then put designated users to those groups.
When I Added the group to the department folder under A user could not see the folder they belong to out there! If I add one user at time they can see the folder. I don’t mind add individually if that department only has five staff. There is one department has hundred staff and manually add them is very time consuming.
Any better way of doing it? By the way, the A folder is located on Windows 2008 R2 32bit Standard, not DC. Group were created on Windows 2003 DC. Our domain lever is 2003.
Thank you very much in advance!
0
Comment
Question by:lgallion
  • 9
  • 8
17 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35692408
What permissions does the parent folder have?

You should be using Security groups only. What other groups is the group a part of?
0
 

Author Comment

by:lgallion
ID: 35692521
I used the default rights for parent folder :Everyone, Create Owner, system, administrator.....
I don't understand what other goups is the group A? Group A is root of server C drive and underneath has HR, Admin, Marketing....
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35692594
Is Group A part of another group? Go to Properties of Group you can see Memeber Of here.

Do you have any Deny in the root directory?

Are you adding permission to Share and Ntfs?
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:lgallion
ID: 35692734
Group A is not a part of the other group and I don't have any deny right in the root directory. no share only ntfs.
0
 

Author Comment

by:lgallion
ID: 35692754
I am sorry parent group - group A is both Share (Everyone is Full) and ntfs rights
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35692915
When you add departments to the Folders you don't see the folder or you get Access Denied?
0
 

Author Comment

by:lgallion
ID: 35693102
I don't see the folders.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35693258
What folders are you not seeing? The folders inside the Root folder or the Department folder?
0
 

Author Comment

by:lgallion
ID: 35693262
The department folder
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 2000 total points
ID: 35693286
Ok are you sure you are connecting to the department folder properly? If you add the one user with the Group on permissions can user see folders then?

Doesn't seem to be a permission problem because the user can connect.

Check Access Enumeration

http://technet.microsoft.com/en-us/library/dd772681(WS.10).aspx
0
 

Author Comment

by:lgallion
ID: 35693424
Under the Share and storage management console the access enumeration is enabled.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35693459
Remove this
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35693466
Check permissions on these folders make sure users have permissions to these folders below on the department folder
0
 

Author Comment

by:lgallion
ID: 35693541
It works on folder visibily! Everyone can see all department folders now beside themselves, of cause they can not access other than their own. Originally I only wanted them to see their own folder. I can live with it if there is no other way?
0
 

Author Comment

by:lgallion
ID: 35693606
Thank you, dariusg, for telling me disable the access emmunation and made a big progress now. Like I said if there is no other way I can live with it.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35694849
The solution should be http://#a35693286
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35694852
Solution wasn't selected
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question