The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.
How to restrict access to folders below a folder shared with "Everyone"?
Hi,
We have a folder called "Shared" on our SBS server which is shared at the top level with "Everyone".
We've been asked to create some remote users on the system and to only grant them access to a couple of folders within the Shared folder. I may be missing the obvious and over complicating things but I can't think of an easy way to just grant access to certain folders below that shared folder without removing the "everyone" permission from the top level which I'm reluctant to do as it will open a can of worms.
Any advice gladly received!
Thanks
Adam
We have a folder called "Shared" on our SBS server which is shared at the top level with "Everyone".
We've been asked to create some remote users on the system and to only grant them access to a couple of folders within the Shared folder. I may be missing the obvious and over complicating things but I can't think of an easy way to just grant access to certain folders below that shared folder without removing the "everyone" permission from the top level which I'm reluctant to do as it will open a can of worms.
Any advice gladly received!
Thanks
Adam
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Hi Foxluv,
Thanks for that, problem is that they have 55 users and I'll have to add them all in manually if I don't use the everyone group. The top level folder has say 50 subfolders and I want everyone except 1 person to have access to all 50 folders, the 1 person will only have access to 1 folder of the 50 but everyone else will also need access to that 1 folder. If I remove Everyone from the top level surely I'll have to manually put each user except that one I want to restrict back in won't I?
Thanks
Thanks for that, problem is that they have 55 users and I'll have to add them all in manually if I don't use the everyone group. The top level folder has say 50 subfolders and I want everyone except 1 person to have access to all 50 folders, the 1 person will only have access to 1 folder of the 50 but everyone else will also need access to that 1 folder. If I remove Everyone from the top level surely I'll have to manually put each user except that one I want to restrict back in won't I?
Thanks
Hi,
Surely that will deny access to the 1 folder I want that user to have access to. I effectively want to deny access for 1 user to all except 1 folder under the Shared folder. If I remove inherited permissions on that 1 folder and add the user I want to give access to then everyone else will not be able to see the folder but they need to see it too. You can see why I was confused enough to ask the question! :-)
Surely that will deny access to the 1 folder I want that user to have access to. I effectively want to deny access for 1 user to all except 1 folder under the Shared folder. If I remove inherited permissions on that 1 folder and add the user I want to give access to then everyone else will not be able to see the folder but they need to see it too. You can see why I was confused enough to ask the question! :-)
Go to the last comment in this link. Remove his rights to the folder and sub folders, then if anything add him manually to the one folder you want him to have access to.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/a7c4a7a7-6c53-4ec6-b92d-035dbff13d8e/powershell-scrip-to-remove-security-permission-from-filesfolders?forum=winserverpowershell
https://social.technet.microsoft.com/Forums/windowsserver/en-US/a7c4a7a7-6c53-4ec6-b92d-035dbff13d8e/powershell-scrip-to-remove-security-permission-from-filesfolders?forum=winserverpowershell
create a 2 new security groups: name one 'restricted users', name the other 'unrestricted users'
add the new user into restricted users group and the remainder into the unrestricted users group
share permissions can still be everyone with read/write
d:\topfolder shared as 'shared' ntfs permissions 'unrestricted users' (read/write/modify/delete/
create a new share d:\topfolder\restricted as 'restricted' give permissions to 'unrestricted users' and 'restricted users'
add the new user into restricted users group and the remainder into the unrestricted users group
share permissions can still be everyone with read/write
d:\topfolder shared as 'shared' ntfs permissions 'unrestricted users' (read/write/modify/delete/
create a new share d:\topfolder\restricted as 'restricted' give permissions to 'unrestricted users' and 'restricted users'
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Thanks Foxluv and David, have split the points between you as I'm sure Foxluv's suggestion will work but I'm too chicken to run a script on this server and David's suggestion sounds like a good way around. Thanks both
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory
From novice to tech pro — start learning today.
-
Windows Server 2016Certification: MCSE Microsoft Certified Systems Engineer - Networki… 282 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
Include inheritable permissions from this object's parent>click ADD
You can now highlight and remove EVERYONE from this folder and add who you need to access it.