[Webinar] Learn how to a build a cloud-first strategyRegister Now


how to block access to a folder within a shared folder for everyone server

Posted on 2012-08-24
Medium Priority
Last Modified: 2012-08-27
Hello Fellow Nerds!

I've been having problems with permissions on folders within a shared folder.  For example, in the main company shared folder there are documents and excel spreadsheets and folders.  Some of these folder must not allow all users to view what is inside of them.  

How do I properly set this up so I don't have wrong permissions set on a file within one of these folder deny the user whom is suppose to see these folders.
Question by:timarnold000
LVL 12

Assisted Solution

aindelicato earned 668 total points
ID: 38331014
break inheritance on the sub-folder.

Navigate to the file or folder to which you want to set permissions. Right-click the file or folder and choose "Properties."

Click the "Security" tab and select "Advanced" to view the permissions options.

Click the box next to "Inherit from parent the permission entries that apply to the child objects" and click "OK" to save the settings. This will disable permission inheritance for the file or folder and its permissions settings can be modified separately from the parent folder.
LVL 10

Expert Comment

ID: 38331015
You would create an ACL on the folder with the sensitive data. Edit the NTFS permissions of the the subfolder. Only allow access to the required users. Deny rules are generally unnecessary.

Accepted Solution

Joel Armstrong earned 1332 total points
ID: 38331046
I use groups to grant access to who needs what.  For example;  if c:\users was a shared folder I give everyone read permissions and and administrators have full access.  Let say you need a data folder under c:\users that  user1 has read permissions but  user2  needs write permissions.  I create two groups such as data_share_RO (for read only) and data_share_admin.  At the folder level under security click advanced, then click edit and uncheck the box "include inheritable permissions from this objects's parent and answer "yes" to the prompt.  This removes all inheritable permissions from the data folder.  click ok twice, this puts you back to the security tab.  Click Edit and add the administrators back with full control.  Now add the two groups and grant them read only rights (group data_share_ro)  and write rights (data_share_admin) respectively.  Click apply and ok.  Now administrators have full control and the group data_share_ro has read permissions and  data_share_admin has everything but full control.   Now add user 1 to data_share_ro and add user2 to data_share_admin.

This might not be the best way but it works for me.
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.


Author Comment

ID: 38333268
Thank you so far for the information everyone. how do I properly set the permissions so they cant delete the file?

Assisted Solution

by:Joel Armstrong
Joel Armstrong earned 1332 total points
ID: 38338314
If you create a global group as described above and grant read and execute rights only then they will not be able to create or delete files but can read.  Only that group and administrators should have access to the folder.  You must also make sure no rights get inherited by removing inheritance under advanced.   Give administrators and the group you create explicit rights.

Author Closing Comment

ID: 38339276
This works great on sbs2011.  Folders even disappear (within a users profile) in the shared folder if permission have been removed (from that user.) NICE!

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

868 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question