If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.
Solved
How to restrict access to folders below a folder shared with "Everyone"?
Posted on 2016-08-26
Hi,
We have a folder called "Shared" on our SBS server which is shared at the top level with "Everyone".
We've been asked to create some remote users on the system and to only grant them access to a couple of folders within the Shared folder. I may be missing the obvious and over complicating things but I can't think of an easy way to just grant access to certain folders below that shared folder without removing the "everyone" permission from the top level which I'm reluctant to do as it will open a can of worms.
Any advice gladly received!
Thanks
Adam
We have a folder called "Shared" on our SBS server which is shared at the top level with "Everyone".
We've been asked to create some remote users on the system and to only grant them access to a couple of folders within the Shared folder. I may be missing the obvious and over complicating things but I can't think of an easy way to just grant access to certain folders below that shared folder without removing the "everyone" permission from the top level which I'm reluctant to do as it will open a can of worms.
Any advice gladly received!
Thanks
Adam
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
3
-
3
7 Comments
Active 3 days ago
Right-click the shared file/ folder>Security>click the advanced tab>click change permissions>uncheck
Include inheritable permissions from this object's parent>click ADD
You can now highlight and remove EVERYONE from this folder and add who you need to access it.
Include inheritable permissions from this object's parent>click ADD
You can now highlight and remove EVERYONE from this folder and add who you need to access it.
Active 3 days ago
Hi Foxluv,
Thanks for that, problem is that they have 55 users and I'll have to add them all in manually if I don't use the everyone group. The top level folder has say 50 subfolders and I want everyone except 1 person to have access to all 50 folders, the 1 person will only have access to 1 folder of the 50 but everyone else will also need access to that 1 folder. If I remove Everyone from the top level surely I'll have to manually put each user except that one I want to restrict back in won't I?
Thanks
Thanks for that, problem is that they have 55 users and I'll have to add them all in manually if I don't use the everyone group. The top level folder has say 50 subfolders and I want everyone except 1 person to have access to all 50 folders, the 1 person will only have access to 1 folder of the 50 but everyone else will also need access to that 1 folder. If I remove Everyone from the top level surely I'll have to manually put each user except that one I want to restrict back in won't I?
Thanks
Active 3 days ago
Hi,
Surely that will deny access to the 1 folder I want that user to have access to. I effectively want to deny access for 1 user to all except 1 folder under the Shared folder. If I remove inherited permissions on that 1 folder and add the user I want to give access to then everyone else will not be able to see the folder but they need to see it too. You can see why I was confused enough to ask the question! :-)
Surely that will deny access to the 1 folder I want that user to have access to. I effectively want to deny access for 1 user to all except 1 folder under the Shared folder. If I remove inherited permissions on that 1 folder and add the user I want to give access to then everyone else will not be able to see the folder but they need to see it too. You can see why I was confused enough to ask the question! :-)
Active 3 days ago
Go to the last comment in this link. Remove his rights to the folder and sub folders, then if anything add him manually to the one folder you want him to have access to.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/a7c4a7a7-6c53-4ec6-b92d-035dbff13d8e/powershell-scrip-to-remove-security-permission-from-filesfolders?forum=winserverpowershell
https://social.technet.microsoft.com/Forums/windowsserver/en-US/a7c4a7a7-6c53-4ec6-b92d-035dbff13d8e/powershell-scrip-to-remove-security-permission-from-filesfolders?forum=winserverpowershell
Active 1 day ago
create a 2 new security groups: name one 'restricted users', name the other 'unrestricted users'
add the new user into restricted users group and the remainder into the unrestricted users group
share permissions can still be everyone with read/write
d:\topfolder shared as 'shared' ntfs permissions 'unrestricted users' (read/write/modify/delete/
create a new share d:\topfolder\restricted as 'restricted' give permissions to 'unrestricted users' and 'restricted users'
add the new user into restricted users group and the remainder into the unrestricted users group
share permissions can still be everyone with read/write
d:\topfolder shared as 'shared' ntfs permissions 'unrestricted users' (read/write/modify/delete/
create a new share d:\topfolder\restricted as 'restricted' give permissions to 'unrestricted users' and 'restricted users'
Featured Post
If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s
ManageEngine
webinar, where attendees received a comprehensive look at the ma…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Course of the Month8 days, 18 hours left to enroll
604 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.