Setting Permissions on a Windows 2012 Server Share - Preventing delete, move, create directory
Posted on 2014-03-02
I am a server newbie.
We have a Windows 2012 server with a file share called Scans We would like only this share to be available to VPN clients who are authenticated through our router. We want them to be able to read the files from the Scans share only. We do not want them to be able to modify, delete or move the files or folders.
I setup a VPN group and set specific deny permissions – not sure if this is how it should be done… I set the VPN users as members of the VPN group only, not a member of Users. The VPN group members can no longer rename or create files however, they can still delete and move the files between folders within the Scans share. We need to prevent this.
What am I doing wrong here? Thanks for your help.
Just to be certain, shouldn’t the VPN member’s username and password be the same as they use to log into their windows laptop? Also, does the group they belong to on their laptop effect their permission on the server (for example, what if someone is logging in from a laptop where they have admin rights? That shouldn’t “elevate” their rights on the server, right?