Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Folder Permissions for Shares in Server 2012

Posted on 2013-01-16
2
Medium Priority
?
2,689 Views
Last Modified: 2013-01-17
Alright, I must be making a simple mistake here.
I have a new File Server I am configuring running Windows Server 2012.
We have some Shares that should be read only for everyone, except a few users.
I have read that best practice indicates leaving the Share security settings to Allow-Everyone-Full Control.

Under NTFS Permissions I add the user group all my users belong to and give them Read and Execute Permissions (Travers folder / execute file, List folder / read data, Read attributes, Read extended attributes, Read permissions).
This rule applies to Folder, Subfolders, and Files on the share.
I then add myself to have Full Control.

My issue is users still have the following rights I don't want them to have-
Create Files / write data and Create folders / append data.

This Share contains files/folders/subfolders all users should Not have any form of write access too.

What simple thing am I missing or mixing up folks?
I'm trying to avoid using too many Deny permissions, but is that the only easy way to get this to work? Leave the Share as Full Control for Everyone, then explicitly Deny the User's group the correct Write permissions?

Thanks,
Josh
0
Comment
Question by:Josh-IT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 17

Accepted Solution

by:
Brad Bouchard earned 2000 total points
ID: 38783629
All you need to do is give Everyone full share permissions, then give the users who you want to access the actual folders and their files Read permissions.  Easiest way to do this is to right click the top level folder and select properties, sharing tab, advanced sharing, Permissions button, Everyone full control, Ok, Ok, then click Share buton, select users group you want, then give them Read access.
0
 
LVL 1

Author Comment

by:Josh-IT
ID: 38784493
Thanks xBouchardx, that seems to have corrected my problem!
When using the New Share Wizard in Server Manager, it brings you to a step for setting permissions, where you have a Share Tab, and a Permissions Tab.
Do you know how I could do what you explained above using that method as well?
Under Share, I have Everyone, All, Full Control.
Under Permissions I have the users group set to Read & Execute.
Yet users can still create Files/Folders.
I guess I'm just trying to understand the difference in the two methods since it seems doing it during the initial Share Creation should work just the same.

Update-
Alright, I set Share tab as Read Only for Everyone during initial share creation. And under Permissions I set the main user group to have Read & Execute.
Looks like that works for restricting users.
However, since my user is part of the general user group, even though I Add my user to Permissions and add Full Control, I'm still restricted from all Write Functions.
If I add myself to the Share Tab with Full Control, all seems to work as I want.
So I guess I am looking to understand the difference between the Share Tab and the typical NTFS settings in the Permissions tab.
Sorry for the long response.

Thanks
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I was assigned the task of performing a hardware refresh in the datacenter. The previous Windows 2008 systems were connected to the SAN via fiber channel HBA’s and among other thing, had PowerPath installed in order to provide sufficient f…
Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question