Network Sharing GPO mapping

we deploy to our users Network drive from GPO mapping Option.

I have a new Project.

Have a net Network share(drive) created ,(letter F:) and created many Folders under it.

 F:\lawyerdoc\Bossdoc
                          Sekdoc
                          comedoc
lawyer
my Boss want to not all members should see all Folders and not all should permission.

Permisions:
1.my Boss want bossdoc ,sekdoc,comedoc full permission all of the Folders.
2.sekdoc : allen,max,alex
3.comedoc: Boss,sarah,mina,alex

my question is: how can i make permissions and mapping to user?
Thanks
apollo-13Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dirk MareSystems Engineer (Acting IT Manager)Commented:
Create 3 active directory security groups for each folder.
Foldername_full
Foldername_modify
Foldername_readonly

Add the users too the folders with the appropriate permissions.

Next add only the following accounts/groups to the NTFS security tab of the folders within the share..
Foldername_full set Full permissions
Foldername_modify set modify permissions
Foldername_readonly set read only permissions
System set full permissions
Domain\Administrators set full permissions

Next enable Access based enumeration on the folder share, this will enable only users who has permissions to the folder to actually see it, got the rest with no permissions it would be hidden.

DirkMare
0
apollo-13Author Commented:
Thank you for guide
How user will connect share ? Batch datei or ?
0
Dirk MareSystems Engineer (Acting IT Manager)Commented:
The easiest would be to create a batch file and name it logon.bat and save the file on \\servername\netlogon
net use N: \\servername\share

Open in new window



go to the Profile Tab under the users properties under ADUC
by logon script type in logon.bat

http://www.petri.com/setting-up-logon-script-through-active-directory-users-computers-windows-server-2008.htm

DirkMare
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

apollo-13Author Commented:
if only one Batch file for all ,then can all see all Folder?
0
apollo-13Author Commented:
do i Need to add all Group first share ,i mean under F: ?
0
apollo-13Author Commented:
Next enable Access based enumeration on the folder share-- how enable it?
0
apollo-13Author Commented:
Next enable Access based enumeration on the folder share-- how enable it?  -Thanks it found it and enabled
0
apollo-13Author Commented:
unfortunatly not working if i add not all 3groups under  F:\lawyerdoc\
0
Dirk MareSystems Engineer (Acting IT Manager)Commented:
if only one Batch file for all ,then can all see all Folder?
Yes, but when setting the permissions properly it wouldn't matter as ABE will hide the folders that the other users don't have access to.

do i Need to add all Group first share ,i mean under F: ?
No, the root of the share you can share for Everyone and Read for Domain Users..
You need to add the Groups you created to the respective Folders.
Ie; for comedoc
Comedoc_Full and apply permissions
Comedoc_Modify and apply permissions
Comedoc-ReadOnly and apply permissions
and add them to the NTFS permissions TAB of the Comedoc folder within the share.

unfortunatly not working if i add not all 3groups under  F:\lawyerdoc\
Please can you explain what you are seeing or not seeing?

DirkMare
0
apollo-13Author Commented:
hi dirk

I do so
root share = only everyone full

comedoc = comedoc_Full  and added under comedoc Group my testuser.

if i Login Computer F: Drive Comes out automaticallly Super. But all of the Folders i can open even there is not my testuser in Groups.

????
0
apollo-13Author Commented:
do i Need to for all Folder under :F:\lawyerdoc\ make so?
Bossdoc -full,
Bossdoc- modify,
Bossdoc- read,

Sekdoc -full,
Sekdoc- modify,
Sekdoc- read,

comedoc -full,
comedoc- modify,
comedoc- read,
0
Dirk MareSystems Engineer (Acting IT Manager)Commented:
can you give me screenshots for the security tabs of both folder and root share?

DirkMare
0
Dirk MareSystems Engineer (Acting IT Manager)Commented:
Example..

This is how the security tab looks like of the Share..
Root Share Security Tab (Share)
This is the Folders within the Share..
Misc Folder Structure
This is the Security Tab of the folder within the Share..
Security Tab of the Folder
In the example above, lets say one user only has Read Access to HRDocs and he his AD account is nested in the correct Group he will automaticly have Read permissions. If ABE is enable in the share he will only see the folders he has access to or belongs to a certain group.

DirkMare
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
apollo-13Author Commented:
you are the BEST ,thanks i got it
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.