Solved

Allow access to just one sub folder using NTFS permissions accessing via RWW

Posted on 2014-04-22
4
1,238 Views
Last Modified: 2014-04-22
Hi all,

I'm having a really hard time trying to get the right way to share a folder for a user on a 2011 SBS server.

I will try to simplify the setup and question as best I can.

The main document share on the server all hangs off a folder called D:\Public.  Under that we have Folder A, Folder B, Folder C etc.   Under each of those folders are many subfolders and under those many many more sub folders.

All users were set up to have full control of D:\Public and all sub folders at both share and file level.

A new consultant has just started and only accesses server documents using Remote Web Working.  The new consultant needs to be denied access to absolutely everything on the share except one sub folder all the way down the tree (Let's say D:\Public\Folder B\Clients\Smith\Jones\Projects\4)

I think I am massively over thinking and complicating this but the only way I can think of making sure he can't see anything other than the one folder is to grant access to D:\Public then go in and add the user to all subfolders and select deny apart from the one sub folder he needs.  Unfortunately due to the sheer number of folders this takes ages.  

Can someone please tell me if I can just grant access to one sub folder which will allow them access via the shared folder option in RWW but will not even show the existence of any other folder above it?

Thanks

Adam
0
Comment
Question by:amlydiate
  • 2
  • 2
4 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 40014975
Create a new share just for that sub-folder and give him access to that (only).
0
 

Author Comment

by:amlydiate
ID: 40015096
Trouble is I've made a rod for my own back by granting "Everyone" access at the top level, therefore even if I just share the sub folder to the one person they are still going to get access to everything else unless I deny permissions to all other folders...
0
 
LVL 70

Accepted Solution

by:
KCTS earned 500 total points
ID: 40015141
Deny should only be used in exceptional circumstances.
Its easy to opt for the 'quick fix' and grant permissions for everyone, more often than not this complicates matters further down the line.
I would re-visit the way you have set out the access with a view to removing permissions for 'everyone'
0
 

Author Closing Comment

by:amlydiate
ID: 40015210
Thanks for your help
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now