Solved

Permissions in Server 2008

Posted on 2014-12-11
11
65 Views
Last Modified: 2015-01-13
Hello Experts!

I created a folder that need to be tightened down to one Full Control user.  Other users can read and execute.

However when I got that that folder form another user, that user can still make changes to the file.  Sharing is apparently different in '08 than it was in '03.

What all do I need to do to prevent changes to this file except by that one user?

Thanks

thedslguy
0
Comment
Question by:thedslguy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 24

Expert Comment

by:NVIT
ID: 40494634
Assuming the UserToLockOut previously had the right to make changes before you locked it down, UserToLockOut must logout then logon to see new rights.
0
 
LVL 1

Author Comment

by:thedslguy
ID: 40494672
NewVillageIT

UserToLockOut is a term with which I am not familiar.

Tell me more about it, please.

Thanks

tdg
0
 
LVL 24

Expert Comment

by:NVIT
ID: 40494678
Sorry, I just meant in general - the user you want to lock out or restrict from that folder or file. It is not a switch or setting.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 1

Author Comment

by:thedslguy
ID: 40494724
NewVillageT

OK, I get it.

Look at the screenshot I sent.  you will notice that Users is the user I have selected and it is both Full Control and greyed out so I cannot change it.

I believe this is the reason that any user can make changes to the file.
0
 
LVL 24

Expert Comment

by:NVIT
ID: 40494755
I don't see an attachment.

when I got that that folder form another user
Please clarify.

What have you done so far to try to restrict access?
0
 
LVL 1

Author Comment

by:thedslguy
ID: 40499599
NewVillageT

That should have read "When I go to that folder from another user....."

I have given one user Full Control and the other users I gave Read & Execute

I'll get another screenshot and attach it
screenshot.jpg
0
 
LVL 24

Accepted Solution

by:
NVIT earned 500 total points
ID: 40499679
EDIT #2:

Logon admin.

Make a test folder and copy some files to it.

Right- click the folder. Properties. In the Security tab , pick Advanced. Pick Change Permissions. Uncheck Include Inheritable Permissions from parent. In the pop up dialog, pick Add.

Pick OK until you're back to the Security tab. Pick Edit.

Here, Add and Remove users and groups.

Make sure the restricted user and his groups just has Read & Execute rights.

But, make sure your Full Control user, administrator or domain admin is included with Full Control rights.

Pick OK when done.

Logon the restricted user. Can he see the folder contents? He may be able to see the folder but not the contents.
0
 
LVL 1

Author Comment

by:thedslguy
ID: 40507600
NewVillageIT

I'll try this over the weekend.

Thanks

tdg
0
 
LVL 1

Author Comment

by:thedslguy
ID: 40547580
I tried this and the result was a loss of information such that the user had to rebuild the file.
She was pretty upset and so was her boss.

They have decided to leave it as is.

There is definitely something wrong with the file, but I'm not willing to risk any further damage.

I will split the points

tdg
0
 
LVL 1

Author Comment

by:thedslguy
ID: 40547584
Oops

No need to split them.
0
 
LVL 24

Expert Comment

by:NVIT
ID: 40548020
@thedslguy,

I'm confused. You awarded points but it doesn't sound like it worked due to "...loss of information"

Still, the steps I showed would not damage the file contents. At the most, it would hide the file itself from certain users except the Full Control user, domain admin, or administrator. The file would still be there, accessible to these excepted users. In addition, I mentioned to do a test folder.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question