Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Setting Permissions on a Windows 2012 Server Share - Preventing delete, move, create directory

Posted on 2014-03-02
2
Medium Priority
?
532 Views
Last Modified: 2014-03-09
Hi Experts,

I am a server newbie.

We have a Windows 2012 server with a file share called Scans  We would like only this share to be available to VPN clients who are authenticated through our router.  We want them to be able to read the files from the Scans share only.  We do not want them to be able to modify, delete or move the files or folders.

I setup a VPN group and set specific deny permissions – not sure if this is how it should be done… I set the VPN users as members of the VPN group only, not a member of Users. The VPN group members can no longer rename or create files however, they can still delete and move the files between folders within the Scans share. We need to prevent this.

What am I doing wrong here?  Thanks for your help.

Just to be certain, shouldn’t the VPN member’s username and password be the same as they use to log into their windows laptop?  Also, does the group they belong to on their laptop effect their permission on the server (for example, what if someone is logging in from a laptop where they have admin rights?  That shouldn’t “elevate” their rights on the server, right?

Thanks again,
Mike
0
Comment
Question by:jumptohigh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 10

Accepted Solution

by:
Korbus earned 2000 total points
ID: 39899339
I recommend you adjusted the NTFS folder permissions of the folder (rather than/in addition to, the SHARE).

I suggest you adjust NTFS permissions to simply grant the VPNgroup, "read" and "list folder contents" permissions.  Rather than deny, you can simply NOT grant additional access.
Note: (The reason to do this is so that you can have sub groups, that might have more access.  A DENY will carry through all subgroups.  Also, a member of more that one group can have more access that just a VPN user, but again, a DENY will override this.)

Regarding the vpn users laptop login vs domain login: Not necessarily.  Unless you have the laptop configured as members of the domain;  the laptop user credentials will NOT be the same as the domain credentials.  If they ARE configured as members of the domain, then, YES the user authentication will be via the domain.

Correct, the permission they have to their laptop will NOT effect permission they are granted on the server folders.
0
 

Author Closing Comment

by:jumptohigh
ID: 39916490
That worked!!! Thanks so much!!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Outsource Your Fax Infrastructure to the Cloud (And come out looking like an IT Hero!) Relative to the many demands on today’s IT teams, spending capital, time and resources to maintain physical fax servers and infrastructure is not a high priority.
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question