Solved

Network drive access

Posted on 2011-09-29
6
188 Views
Last Modified: 2012-05-12
Windows Server 2008.  I have a shared folder on the server that everyone can access.  It contains a list of folders that are the names of each employee.  What I want to do is have each folder only allow access to the computer/employee that is assoctiated with the name of the folder.   How do I do this.  I have had troubles in the past trying to allow access to only 1 user for each folder.  I also have a Windows Server 2003 that I would like to do the same thing on.  Not sure if the procedure is different between these to operating systems.
0
Comment
Question by:mkramer777
6 Comments
 
LVL 6

Accepted Solution

by:
bluemeln earned 250 total points
ID: 36816914
There are two ways to handle this:
Manually assign the permissions to the folders. Create a shared folder, which I will call Home. You give Full Share Permissions to Everyone (i.e. on the Sharing tab, click Permissions and check Full Control for Everyone - to allow network access to the folder structure). Then restrict access to folder contents using NTFS permissions (Security tab) as follows:
Domain Admins - Full Control
All domain employees (or an equivalent custom group. Never use Everyone. I do not use Authenticated Users because other domain users visit our network and they should not be able to browse this folder) - Modify
SYSTEM - Full Control
Creator Owner - Full Control
On each employee folder, remove the checkmark "Allow inheritable permissions" and/or remove "All domain employees" and replace it with the individual user - Full Control

Let Active Directory assign the permissions for you:
Create the Home share with Full Share Permissions to Everyone as described above. On the Security tab > Advanced. Remove the checkmark from "Allow inheritable permissions" and "replace permission entries."
In Active Directory, open the user's account. On the Profile tab under Home folder, select a drive letter and then type the path of the hoem folder, so for example H:\ and \\servername\home\username. If the folder username does not yet exist, AD will create it. If it exists, AD will ask if you want to give this user access to that folder.

If you are using the second method on existing folders, before you start, highlight all the user folders and under Security > Advanced, make sure that the folders do not inherit permissions from the parent.
0
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 36816916
To do this you will need to modify the security on each of the folders.

Right now most likely each user folder is set to inherit the permissions from its parent folder, you do not want this. In the security options you will want to remove the inheritance and then remove all the users/groups that you do not want to have access and add the user who you do. Make sure to keep your admin account/group with full access.
0
 
LVL 5

Expert Comment

by:peter197911
ID: 36817302
Lot of it is allready typed above. Easiest way to do this i think (an example)
Create a folder    d:\shares
Security settings on this one:   Owner, System (default i think) + Administrators for admin purposes.
Now Share this folder with full Access to Domain Users  (Check security again after sharing if win2008 didnt change you're security settings also....just tested and it added Domein Users to security settings also)

After this, go to MMC AD-U&Computers, select multiple user accounts where you want a private folder and go to properties. Under Profiles  you can setup a HOME folder with mapping.   type here: \\servername\shares\%username%
This command will create a private folder for all users that you apply this for.
After check the security settings on a "private" home folder to see if it's really a private folder...

good luck
0
Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

 

Author Comment

by:mkramer777
ID: 36817779
I am doing this to backup up my doc files for each employee to the server.  I am using a program that copies all of the user's my docs to this folder on the server every day at noon or 5pm.  Is the above information the best way to keep only one user in each of the folders on the shared folder or is do have a better idea or software that would do this for me?
0
 
LVL 5

Expert Comment

by:peter197911
ID: 36889942
If it's a backup, then why should a user have access to it?
I prefer a "offline" backup folder (which users cannot access themselves).

BUT, if you want them to have access, i would use Robocopy to copy the files to you're "backup-share".  Robocopy copy files and with the correct options it keeps the Security ACL settings on folders.
For example.      Robocopy \\server\NormalUserShare\ \\server\backupshare\  /COPYALL /E /S
will copy all user files with the correct permissions. Be sure that you're backup share does have the same permissions as you're normal usershare and give the backupshare the same Share permissions  (Full access for Domain users)...

With Robocopy you can also give the options to only copy newer files (perfect for backup purposes).

0
 
LVL 2

Expert Comment

by:pravin_abhale11
ID: 36890228
yes i am agree with the peter
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now