• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 649
  • Last Modified:

how to block access to a folder within a shared folder for everyone server

Hello Fellow Nerds!

I've been having problems with permissions on folders within a shared folder.  For example, in the main company shared folder there are documents and excel spreadsheets and folders.  Some of these folder must not allow all users to view what is inside of them.  

How do I properly set this up so I don't have wrong permissions set on a file within one of these folder deny the user whom is suppose to see these folders.
3 Solutions
break inheritance on the sub-folder.

Navigate to the file or folder to which you want to set permissions. Right-click the file or folder and choose "Properties."

Click the "Security" tab and select "Advanced" to view the permissions options.

Click the box next to "Inherit from parent the permission entries that apply to the child objects" and click "OK" to save the settings. This will disable permission inheritance for the file or folder and its permissions settings can be modified separately from the parent folder.
You would create an ACL on the folder with the sensitive data. Edit the NTFS permissions of the the subfolder. Only allow access to the required users. Deny rules are generally unnecessary.
Joel ArmstrongNetwork AdministratorCommented:
I use groups to grant access to who needs what.  For example;  if c:\users was a shared folder I give everyone read permissions and and administrators have full access.  Let say you need a data folder under c:\users that  user1 has read permissions but  user2  needs write permissions.  I create two groups such as data_share_RO (for read only) and data_share_admin.  At the folder level under security click advanced, then click edit and uncheck the box "include inheritable permissions from this objects's parent and answer "yes" to the prompt.  This removes all inheritable permissions from the data folder.  click ok twice, this puts you back to the security tab.  Click Edit and add the administrators back with full control.  Now add the two groups and grant them read only rights (group data_share_ro)  and write rights (data_share_admin) respectively.  Click apply and ok.  Now administrators have full control and the group data_share_ro has read permissions and  data_share_admin has everything but full control.   Now add user 1 to data_share_ro and add user2 to data_share_admin.

This might not be the best way but it works for me.
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

timarnold000Author Commented:
Thank you so far for the information everyone. how do I properly set the permissions so they cant delete the file?
Joel ArmstrongNetwork AdministratorCommented:
If you create a global group as described above and grant read and execute rights only then they will not be able to create or delete files but can read.  Only that group and administrators should have access to the folder.  You must also make sure no rights get inherited by removing inheritance under advanced.   Give administrators and the group you create explicit rights.
timarnold000Author Commented:
This works great on sbs2011.  Folders even disappear (within a users profile) in the shared folder if permission have been removed (from that user.) NICE!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now