[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 211
  • Last Modified:

Network drive access

Windows Server 2008.  I have a shared folder on the server that everyone can access.  It contains a list of folders that are the names of each employee.  What I want to do is have each folder only allow access to the computer/employee that is assoctiated with the name of the folder.   How do I do this.  I have had troubles in the past trying to allow access to only 1 user for each folder.  I also have a Windows Server 2003 that I would like to do the same thing on.  Not sure if the procedure is different between these to operating systems.
0
mkramer777
Asked:
mkramer777
1 Solution
 
bluemelnCommented:
There are two ways to handle this:
Manually assign the permissions to the folders. Create a shared folder, which I will call Home. You give Full Share Permissions to Everyone (i.e. on the Sharing tab, click Permissions and check Full Control for Everyone - to allow network access to the folder structure). Then restrict access to folder contents using NTFS permissions (Security tab) as follows:
Domain Admins - Full Control
All domain employees (or an equivalent custom group. Never use Everyone. I do not use Authenticated Users because other domain users visit our network and they should not be able to browse this folder) - Modify
SYSTEM - Full Control
Creator Owner - Full Control
On each employee folder, remove the checkmark "Allow inheritable permissions" and/or remove "All domain employees" and replace it with the individual user - Full Control

Let Active Directory assign the permissions for you:
Create the Home share with Full Share Permissions to Everyone as described above. On the Security tab > Advanced. Remove the checkmark from "Allow inheritable permissions" and "replace permission entries."
In Active Directory, open the user's account. On the Profile tab under Home folder, select a drive letter and then type the path of the hoem folder, so for example H:\ and \\servername\home\username. If the folder username does not yet exist, AD will create it. If it exists, AD will ask if you want to give this user access to that folder.

If you are using the second method on existing folders, before you start, highlight all the user folders and under Security > Advanced, make sure that the folders do not inherit permissions from the parent.
0
 
Joseph DalyCommented:
To do this you will need to modify the security on each of the folders.

Right now most likely each user folder is set to inherit the permissions from its parent folder, you do not want this. In the security options you will want to remove the inheritance and then remove all the users/groups that you do not want to have access and add the user who you do. Make sure to keep your admin account/group with full access.
0
 
peter197911Commented:
Lot of it is allready typed above. Easiest way to do this i think (an example)
Create a folder    d:\shares
Security settings on this one:   Owner, System (default i think) + Administrators for admin purposes.
Now Share this folder with full Access to Domain Users  (Check security again after sharing if win2008 didnt change you're security settings also....just tested and it added Domein Users to security settings also)

After this, go to MMC AD-U&Computers, select multiple user accounts where you want a private folder and go to properties. Under Profiles  you can setup a HOME folder with mapping.   type here: \\servername\shares\%username%
This command will create a private folder for all users that you apply this for.
After check the security settings on a "private" home folder to see if it's really a private folder...

good luck
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
mkramer777Author Commented:
I am doing this to backup up my doc files for each employee to the server.  I am using a program that copies all of the user's my docs to this folder on the server every day at noon or 5pm.  Is the above information the best way to keep only one user in each of the folders on the shared folder or is do have a better idea or software that would do this for me?
0
 
peter197911Commented:
If it's a backup, then why should a user have access to it?
I prefer a "offline" backup folder (which users cannot access themselves).

BUT, if you want them to have access, i would use Robocopy to copy the files to you're "backup-share".  Robocopy copy files and with the correct options it keeps the Security ACL settings on folders.
For example.      Robocopy \\server\NormalUserShare\ \\server\backupshare\  /COPYALL /E /S
will copy all user files with the correct permissions. Be sure that you're backup share does have the same permissions as you're normal usershare and give the backupshare the same Share permissions  (Full access for Domain users)...

With Robocopy you can also give the options to only copy newer files (perfect for backup purposes).

0
 
pravin_abhale11Commented:
yes i am agree with the peter
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now