NTFS Share Permissions issue
Posted on 2011-09-14
I am struggling to setup the correct permissions in Windows 2008R2 having moved our main fileserver files from old Novell Server.
I have a share \\fileserver\share1 in that share are folders eg:
The primary user of \\fileserver\share1 is our Health & Safety person and they have full access to read/write delete etc.
There is a Team of people who are responsible for writing reports and they need r/w access to several of the folders. There are others who need only read access to some of the folders (around 15 folders). The bulk of the folders (around 40 folders) are for the H&S person only and she adds/deletes new/old ones at a whim.
I setup the permissions on the NTFS share so that the group that needed RW access has it to the 12 folders they need RW access to. I setup the permissions so that the Read only group have read only access to the folders they need access to and the effective permissions confirm this. I've granted both groups traverse rights to the root folder \\fileserver\share1
My MAJOR issue is that the users cannot navigate to the root share. ie: They try to browse to \\fileserver\share1 and get access denied. Sure they can get to \\fileserver1\share1\folder12 etc but not to the root.
I don't want to grant list/read access to the root otherwise they can read everything in the entire share which is not what is required.
Do they really need to have 12-15 different shortcuts to the folders inside the share? Surely windows permissions has a means of saying you can traverse that folder so I'll open it and show you only what you are allowed to access?
Surely its not the case that the user has to have lots of shortcuts or need to remember the name and type the full path?
I have a similar problem with another folder \\fileserver\share2\documents\board meetings\reports
Now Share2 is the Chief Exec's share and he and his secretary have full rights to all the hundreds of folders in that heirarchy. He wants the senior management team to have write access to the reports folder which I've granted. They have traverse rights on the \\fileserver\share2
Now it works fine if the senior manager types the full path \\fileserver\share2\documents\board meetings\reports in Start | Run box, then maps a drive letter there or drags and drops a file. However if they are in Word 2010 and click save as to save the report there they WANT to be able to goto \\fileserver\share2 and simply navigate down to documents\board meetings\reports However they are barred access to folders they cannot read it seems.
I think I have the permissions correct for reading/writing to the end (leaf) directory. What I cannot fathom is how to allow the users to navigate from the root to their desired folder.
Most users are on XP with a couple on Windows 7 in case that matters.