How to restrict directory access on network share to small subset of users / Why are "Allow" checkmarks greyed out?
We have a network share on our LAN. It contains some directories. I wish one of the directories to only appear for about five employees in the company who coincidentally are in the Administrators group.. What is the easiest way to pull that off without access the Active Directory or RDP onto the machine itself? I can have the Sys Admin guy do that but I was wondering if a user like me could do it.
From my computer I just right-clicked the directory's Properties to view the Security tab. If I drill in a bit I get the attached screen shot.
It's my understanding if I click "deny" for the Everyone group that will block EVERYONE but me, so that is not the correct way. Evidently, deny overrides other access.
So, methinks I would just un-check the "Allow" checkboxes for the Everyone... that would alllow the Administrators to have access as desired.
BUT, I can't uncheck the Everyone "Allow" access because they are GREY... locked somehow.
How do I get around this?
What is the most straightforward way to only allow Admins to this "test" directory?
From my computer I just right-clicked the directory's Properties to view the Security tab. If I drill in a bit I get the attached screen shot.
It's my understanding if I click "deny" for the Everyone group that will block EVERYONE but me, so that is not the correct way. Evidently, deny overrides other access.
So, methinks I would just un-check the "Allow" checkboxes for the Everyone... that would alllow the Administrators to have access as desired.
BUT, I can't uncheck the Everyone "Allow" access because they are GREY... locked somehow.
How do I get around this?
What is the most straightforward way to only allow Admins to this "test" directory?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I agree with smckeown777 that you are not an admin (refer to my mentioning no modify button before) however you appear to have some authority since you have the Add and Remove buttons.
Following up with smckeown777's remaining comment(s), you should add the group/groups that need access prior to removing the Everyone group.
On another note, it is a good idea for your "sys admin" remove the "everyone" group and add "authenticated users" from all foder permissions if possible.
Everyone = everyone (even if they are not logged into the network
Authenticated Users = ONLY individuals that have authenticated to the domain (logged into the network) will have any access.
Following up with smckeown777's remaining comment(s), you should add the group/groups that need access prior to removing the Everyone group.
On another note, it is a good idea for your "sys admin" remove the "everyone" group and add "authenticated users" from all foder permissions if possible.
Everyone = everyone (even if they are not logged into the network
Authenticated Users = ONLY individuals that have authenticated to the domain (logged into the network) will have any access.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I learned I had to un-check "Include inheritable permissions from this object's parent" then I was able to remove the EVERYONE group. Thanks!
ASKER
(I am part of the Administrators group.)
ASKER
Permissions-for-test-2012-04-17-.jpg