Solved

NTFS Permissions on Server 2008 R2, allowing access to subfolder only

Posted on 2014-02-07
6
1,277 Views
Last Modified: 2014-02-15
Hi,
I have inherited a really messy file server and am having problems getting the right access to  user to a subfolder.

Have a Departments Share. Inside that share there are a large number of sub folders that don't have any individual share, just NTFS permissions.

Have an Accounting folder inside the departments share, and a folder "needs access" inside that. So I have a user I want to be able to mount the share Departments (works), then click Accounting Folder and only be able to see the list of folders underneath and then click "Needs Access folder" to which they have full access.

Thought that setting special permission Traverse Folder/Execute on folder Accounting for this user, then setting NTFS permissions on the Needs Access folder would allow this to work but when I try this the user is unable to open the Accounting Folder.

I have setup a share directly to the "Needs Access" folder to get around this but would like to get this setup correctly.
0
Comment
Question by:adamant40
  • 3
  • 2
6 Comments
 
LVL 35

Expert Comment

by:Mahesh
ID: 39842733
What share permissions do you have on departmental share folder ?

It must have change share permissions to users on departmental folder, and then you need to give users list folder contents \ read, read and execute and list folder permissions on same folder with this folders, subfolders and files as a scope if you want users to access all folders underneath departmental share folder
OR
this folder only as a scope if you want that users should be able to access specific folders only underneath departmental share folder.
Further,This permissions must be getting inherited by accounting folder and then on "Need Access" folder you should give him modify \ required permissions.

May be your inherited permissions are not applying \ getting inherited by accounts folder

In that case check ownership of all 3 folders
If ownership is different, you need to take ownership of departmental folder 1st with "Replace owners on sub container" option selected so that you can apply permissions seamlessly

Mahesh
0
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 39842734
A) how is rights inheritance arranged?
Can you post screens of the ntfs and security tabs?
0
 

Author Comment

by:adamant40
ID: 39842896
Stuck on another issue, will respond when I can. Thank you for your replies.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Accepted Solution

by:
adamant40 earned 0 total points
ID: 39847786
Well stumbled across the settings that woud give me the desired results.  
ON Accounting I did special and then
Traverse Folder
List Folder
Read Attributes
Read Permissions
and APPLY to: This folder only.
0
 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 500 total points
ID: 39847846
If need access is the only folder underneath accounting folder to which users need access, then you have done correct.
But again you need to give modify NTFS permissions on Need access folder with This folder, subfolder and files as apply to scope so that users can work with that folder

Mahesh
0
 

Author Closing Comment

by:adamant40
ID: 39861143
Accepted my comment as it was the exact settings that worked.
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now