?
Solved

Network Sharing GPO mapping

Posted on 2014-07-20
14
Medium Priority
?
247 Views
Last Modified: 2014-07-21
we deploy to our users Network drive from GPO mapping Option.

I have a new Project.

Have a net Network share(drive) created ,(letter F:) and created many Folders under it.

 F:\lawyerdoc\Bossdoc
                          Sekdoc
                          comedoc
lawyer
my Boss want to not all members should see all Folders and not all should permission.

Permisions:
1.my Boss want bossdoc ,sekdoc,comedoc full permission all of the Folders.
2.sekdoc : allen,max,alex
3.comedoc: Boss,sarah,mina,alex

my question is: how can i make permissions and mapping to user?
Thanks
0
Comment
Question by:apollo-13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 5
14 Comments
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 40207706
Create 3 active directory security groups for each folder.
Foldername_full
Foldername_modify
Foldername_readonly

Add the users too the folders with the appropriate permissions.

Next add only the following accounts/groups to the NTFS security tab of the folders within the share..
Foldername_full set Full permissions
Foldername_modify set modify permissions
Foldername_readonly set read only permissions
System set full permissions
Domain\Administrators set full permissions

Next enable Access based enumeration on the folder share, this will enable only users who has permissions to the folder to actually see it, got the rest with no permissions it would be hidden.

DirkMare
0
 

Author Comment

by:apollo-13
ID: 40208215
Thank you for guide
How user will connect share ? Batch datei or ?
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 40208300
The easiest would be to create a batch file and name it logon.bat and save the file on \\servername\netlogon
net use N: \\servername\share

Open in new window



go to the Profile Tab under the users properties under ADUC
by logon script type in logon.bat

http://www.petri.com/setting-up-logon-script-through-active-directory-users-computers-windows-server-2008.htm

DirkMare
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:apollo-13
ID: 40208334
if only one Batch file for all ,then can all see all Folder?
0
 

Author Comment

by:apollo-13
ID: 40208410
do i Need to add all Group first share ,i mean under F: ?
0
 

Author Comment

by:apollo-13
ID: 40208415
Next enable Access based enumeration on the folder share-- how enable it?
0
 

Author Comment

by:apollo-13
ID: 40208417
Next enable Access based enumeration on the folder share-- how enable it?  -Thanks it found it and enabled
0
 

Author Comment

by:apollo-13
ID: 40208439
unfortunatly not working if i add not all 3groups under  F:\lawyerdoc\
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 40208586
if only one Batch file for all ,then can all see all Folder?
Yes, but when setting the permissions properly it wouldn't matter as ABE will hide the folders that the other users don't have access to.

do i Need to add all Group first share ,i mean under F: ?
No, the root of the share you can share for Everyone and Read for Domain Users..
You need to add the Groups you created to the respective Folders.
Ie; for comedoc
Comedoc_Full and apply permissions
Comedoc_Modify and apply permissions
Comedoc-ReadOnly and apply permissions
and add them to the NTFS permissions TAB of the Comedoc folder within the share.

unfortunatly not working if i add not all 3groups under  F:\lawyerdoc\
Please can you explain what you are seeing or not seeing?

DirkMare
0
 

Author Comment

by:apollo-13
ID: 40208644
hi dirk

I do so
root share = only everyone full

comedoc = comedoc_Full  and added under comedoc Group my testuser.

if i Login Computer F: Drive Comes out automaticallly Super. But all of the Folders i can open even there is not my testuser in Groups.

????
0
 

Author Comment

by:apollo-13
ID: 40208665
do i Need to for all Folder under :F:\lawyerdoc\ make so?
Bossdoc -full,
Bossdoc- modify,
Bossdoc- read,

Sekdoc -full,
Sekdoc- modify,
Sekdoc- read,

comedoc -full,
comedoc- modify,
comedoc- read,
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 40208796
can you give me screenshots for the security tabs of both folder and root share?

DirkMare
0
 
LVL 16

Accepted Solution

by:
Dirk Mare earned 2000 total points
ID: 40208831
Example..

This is how the security tab looks like of the Share..
Root Share Security Tab (Share)
This is the Folders within the Share..
Misc Folder Structure
This is the Security Tab of the folder within the Share..
Security Tab of the Folder
In the example above, lets say one user only has Read Access to HRDocs and he his AD account is nested in the correct Group he will automaticly have Read permissions. If ABE is enable in the share he will only see the folders he has access to or belongs to a certain group.

DirkMare
0
 

Author Comment

by:apollo-13
ID: 40208930
you are the BEST ,thanks i got it
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question