Solved

Network Sharing GPO mapping

Posted on 2014-07-20
Last Modified: 2014-07-21
We deploy network drives to our users through the GPO mapping option.

I have a new project.

I have a new network share (drive) created (letter F:) and have created many folders under it.

 F:\lawyerdoc\Bossdoc
                          Sekdoc
                          comedoc
lawyer
My boss wants that not all members see all folders, and not all should have permission.

Permissions:
1. My boss wants full permission on all of the folders: bossdoc, sekdoc, comedoc.
2. sekdoc: allen, max, alex
3. comedoc: Boss, sarah, mina, alex

My question is: how can I set up the permissions and the mapping for the users?
Thanks
0
Question by:apollo-13
14 Comments
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 40207706
Create 3 Active Directory security groups for each folder:
Foldername_full
Foldername_modify
Foldername_readonly

Add the users to the folders with the appropriate permissions.

Next, add only the following accounts/groups to the NTFS Security tab of the folders within the share:
Foldername_full set Full permissions
Foldername_modify set Modify permissions
Foldername_readonly set Read-only permissions
System set Full permissions
Domain\Administrators set Full permissions

Next, enable Access-based enumeration on the folder share. This will enable only users who have permissions to the folder to actually see it; for the rest, with no permissions, it would be hidden.

DirkMare
0
 

Author Comment

by:apollo-13
ID: 40208215
Thank you for the guide.
How will users connect to the share? A batch file, or?
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 40208300
The easiest would be to create a batch file and name it logon.bat and save the file on \\servername\netlogon
net use N: \\servername\share

Go to the Profile tab under the user's properties in ADUC;
by Logon script, type in logon.bat

http://www.petri.com/setting-up-logon-script-through-active-directory-users-computers-windows-server-2008.htm

DirkMare
0
 

Author Comment

by:apollo-13
ID: 40208334
If there is only one batch file for all, can everyone then see all folders?
0
 

Author Comment

by:apollo-13
ID: 40208410
Do I need to add all groups to the share first, I mean under F:?
0
 

Author Comment

by:apollo-13
ID: 40208415
"Next enable Access based enumeration on the folder share" -- how do I enable it?
0
 

Author Comment

by:apollo-13
ID: 40208417
"Next enable Access based enumeration on the folder share" -- how do I enable it? - Thanks, I found it and enabled it.
0
 

Author Comment

by:apollo-13
ID: 40208439
Unfortunately it is not working if I do not add all 3 groups under F:\lawyerdoc\
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 40208586
"If there is only one batch file for all, can everyone then see all folders?"
Yes, but when setting the permissions properly it wouldn't matter, as ABE will hide the folders that the other users don't have access to.

"Do I need to add all groups to the share first, I mean under F:?"
No, the root of the share you can share for Everyone and Read for Domain Users.
You need to add the groups you created to the respective folders.
I.e., for comedoc:
Comedoc_Full and apply permissions
Comedoc_Modify and apply permissions
Comedoc-ReadOnly and apply permissions
and add them to the NTFS permissions tab of the Comedoc folder within the share.

"Unfortunately it is not working if I do not add all 3 groups under F:\lawyerdoc\"
Please can you explain what you are seeing or not seeing?

DirkMare
0
 

Author Comment

by:apollo-13
ID: 40208644
Hi Dirk,

I did it like this:
root share = only Everyone full

comedoc = comedoc_Full, and I added my test user to the comedoc group.

When I log in to the computer, the F: drive comes up automatically, super. But I can open all of the folders, even though my test user is not in the groups.

????
0
 

Author Comment

by:apollo-13
ID: 40208665
Do I need to do this for every folder under F:\lawyerdoc\?
Bossdoc -full,
Bossdoc- modify,
Bossdoc- read,

Sekdoc -full,
Sekdoc- modify,
Sekdoc- read,

comedoc -full,
comedoc- modify,
comedoc- read,
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 40208796
Can you give me screenshots of the Security tabs of both the folder and the root share?

DirkMare
0
 
LVL 16

Accepted Solution

by:
Dirk Mare earned 500 total points
ID: 40208831
Example..

This is what the Security tab of the share looks like:
[Image: Root Share Security Tab (Share)]
These are the folders within the share:
[Image: Misc Folder Structure]
This is the Security tab of the folder within the share:
[Image: Security Tab of the Folder]
In the example above, let's say one user only has Read access to HRDocs and his AD account is nested in the correct group: he will automatically have Read permissions. If ABE is enabled on the share, he will only see the folders he has access to, or for which he belongs to a certain group.

DirkMare
0
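
The setup from the accepted answer, scripted in PowerShell as an added example that is not part of the original thread: per-folder groups, an explicit NTFS ACL with inheritance from the share root cut off so a broad entry on the root cannot grant access, and access-based enumeration on the share. The local path and share name are assumptions, `ReadAndExecute` is used for the read-only group, and `BUILTIN\Administrators` (the file server's local group) stands in for the answer's Domain\Administrators entry.

```powershell
# Added example (not from the thread). Run elevated on the file server with RSAT.
# Assumed values: local path and share name; adjust to your environment.
Import-Module ActiveDirectory
$Root      = 'D:\Shares\lawyerdoc'   # assumed local path behind the mapped drive
$ShareName = 'lawyerdoc'             # assumed SMB share name
$Folders   = 'Bossdoc', 'Sekdoc', 'comedoc'
$FSR       = [System.Security.AccessControl.FileSystemRights]
$Rights    = [ordered]@{ full = $FSR::FullControl; modify = $FSR::Modify; readonly = $FSR::ReadAndExecute }
$Inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$NoProp    = [System.Security.AccessControl.PropagationFlags]::None
$Allow     = [System.Security.AccessControl.AccessControlType]::Allow

foreach ($folder in $Folders) {
    $path = Join-Path $Root $folder
    $acl  = Get-Acl -Path $path
    # Cut inheritance from the share root and discard the inherited entries, so a
    # broad ACE on the root (Everyone, Domain Users) cannot open this folder.
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($ace)
    }

    # One security group per permission level, named as in the accepted answer.
    foreach ($suffix in $Rights.Keys) {
        $name  = "${folder}_$suffix"
        $group = Get-ADGroup -Filter "Name -eq '$name'"
        if (-not $group) {
            $group = New-ADGroup -Name $name -GroupScope DomainLocal -GroupCategory Security -PassThru
        }
        # Use the SID so the ACE does not depend on name resolution of a new group.
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $group.SID, $Rights[$suffix], $Inherit, $NoProp, $Allow)
        $acl.AddAccessRule($rule)
    }
    # SYSTEM and the server's Administrators group keep full control.
    foreach ($admin in 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $admin, $FSR::FullControl, $Inherit, $NoProp, $Allow)
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $path -AclObject $acl
    # Review: every entry should be explicit and limited to the five principals.
    Get-Acl -Path $path | Select-Object -ExpandProperty Access |
        Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
}

# Access-based enumeration hides folders the user has no read access to.
Set-SmbShare -Name $ShareName -FolderEnumerationMode AccessBased -Force
```

`Set-SmbShare` requires Windows Server 2012 or later; users are then added to the groups (for example with `Add-ADGroupMember`) rather than to the folders directly.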
 

Author Comment

by:apollo-13
ID: 40208930
You are the BEST, thanks, I got it.
0
