Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

group access to shared folder

Posted on 2012-03-23
7
Medium Priority
?
461 Views
Last Modified: 2012-04-08
Hello,

I have setup a shares for the following:

d:\share = \\server\share

All users have read access.

I have setup groups to provide different access.

d:\share\department1  - dept1 can have full control, all others can read only
d:\share\department2 - dept2 can have full control, all others can read only

How can I provide one share so I change access by groups for different folders?
0
Comment
Question by:tucktech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37758947
You can give them full control via share and then you can use NTFS permissions on the folder (right click on the folder and then the security tab)

So you setup dept1 the way you described and then dept2.  
Thanks

Mike
0
 

Author Comment

by:tucktech
ID: 37759003
I did this and they the group I tested had full control in the root directory and every directory of the share.

More specifically I gave read/write share control to all users.  I had already changed the security access availalbe at the sub folder levels.

Rather than giving full control to everyone should I list the groups individually in the share?
0
 
LVL 7

Expert Comment

by:hirenvmajithiya
ID: 37761948
As share permission and NTFS permission takes effect back to back, you can give full access to everyone one \\server\share folder and then in NTFS you assign permission as you need.

Hiren
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 1

Expert Comment

by:mbm2708
ID: 37775136
hi man

simple

you create 2 groups dep1 and dep 2  put the user on the right group dont forget setup the group as security group and global group

go to the share management and click on the propriets of department1 and add the group dep1 and put as full permission and everyone as read permission
the same to the department2



thank you
0
 

Author Comment

by:tucktech
ID: 37798015
None of this is working as I would think. Let me explain further and you may be able to see my error in applying the access.

Everyone has use of the share drive via an s: drive.  In other words, if I were to setup from the command prompt.  I would type net use s: \\server\share.  Everyone has this same "use" statement.

What I wanted to do was for everyone to have the same "s" drive and to control access via groups.  Via the share from the server (and note I am using DFS). I provided everyone read access.  Then I went, on the server, and allowed specific group access to their folder.  My results was that when i logged in as a member of a share that should have had access, I got access denied when I tried to create a folder.

When I went back and provided full control for the share with a specific group, that allowed full control regardless of the NTFS security.

It appears share overrules NTFS security.

Help....
0
 

Accepted Solution

by:
tucktech earned 0 total points
ID: 37803219
AHH HA!  I figured it out.

ON the root share directory I had to remove the "Include inheritable permissions from this object's parent" found in the folders Properties | Security | Advanced.

Once I did this it all came together.
0
 

Author Closing Comment

by:tucktech
ID: 37820901
I had already understood what the other comments provided.  Once I went back and read through how the permissions work for Server 2008, etc.. I found that I did NOT want inheratence for the root object.  Once I did this it worked.  None of the answers were wrong they just did not include this required piece of information to fix my concern.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question