Solved

We don't want folders on server to be accessed by everyone

Posted on 2016-09-06
8
41 Views
Last Modified: 2016-09-29
Goal:  I want to only give access to the individual themselves, the administrator and on some of them one or two other people.  

We have a server that is running Windows Server 2012.    The files that people save into their individual folders on the were originally set up so that everyone can access them.   When I right click on he parent folder and the individual folders inside and go to Properties and Security there is  "Administrators",  Administrator", "System", and "Users".    
On the individual folders, I can add the individual but the "users" group is still present and can access the folder.  I tried to remove Users but it says if a person has rights in two groups and you remove one group, then that is the over riding rule (No access).   How do I begin to change this so I can accomplish the goal above?
0
Comment
Question by:syssolut
8 Comments
 
LVL 14

Assisted Solution

by:Schnell Solutions
Schnell Solutions earned 125 total points (awarded by participants)
Comment Utility
You can remove the group. The user just need to be listed once in the permissions (without groups), or... anyone of his/her groups is enough to allow the permission. (You do not need the combination of both).
0
 
LVL 61

Accepted Solution

by:
btan earned 250 total points (awarded by participants)
Comment Utility
User has to be given ownership to their folder and also disable inheritance ro futher customise who can be allowed. See the step through

http://www.online-tech-tips.com/computer-tips/set-file-folder-permissions-windows/
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 125 total points (awarded by participants)
Comment Utility
Instead of starting from what you do not want, start with what you do want and to whom you wish to grant access and the type of access.
From the Share permission tab, you can grant sharing rights which are superseded by security permissions.

The more restrictive rule will apply, so long as you do not have a deny rule on users, a user that is a member of two groups may have rights to ....

You can use icacls as well as advanced under the security tab, to check a user's effective permissions to confirm that the user will have rights to the folder/contents ......

The structure of the folders could also impact, i.e. if you have hierarchical
top administrators have full rights, system has full rights and domain users have listing rights on this level only......
subfolder1, add user1
subfolder2 add user2
subfolder3 add user3

The sharing permissions will be less restrictive as you can grant the full rights to domain users
The effect while user1, user2 will see subfolder3 they will not be permitted to access each others nor user3's folder.

What types of folders are these? One option could be to use redirected folders documents, desktop, etc.
another option could be to use mapped drives using GPP to deploy specific "drives" to users.......whose top level will have the rights you want, etc......system, administrators, but each user will have drive M: for example locked into their folder without being able to see the contents from the others.......
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 

Author Comment

by:syssolut
Comment Utility
So lets say I have Folder "A" and everyone has full control because in this folder are individual folders for Bob, Mary, Alice, Ken and Karen.   On each of these individual folders everyone has full rights at this time (along with SYSTEM, Administrators, and Administrator).   Can I go to the individual folder, say Mary's and add Mary in the Security,  then delete the "USERS" from Mary's folder?   This way Everyone has rights to the Folder "A" but then only Mary has rights to Mary's folder and no one else (except SYSTEM, Administrators and administrator)?
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 125 total points (awarded by participants)
Comment Utility
On the Share folder you have two tabs, sharing and security. This is where you set what the user that accesses this share sees.
The security settings on this and subsequent folders will dictate how far each user who accesses the share can go.

Note on the security settings, if you have inheritance enabled. the TOP folder will dictate what subfolders have.


Yes, you can but for that you would first have to terminate inheritance, and copy the existing settings.
Then adjust the security parameters as you see fit.
0
 
LVL 61

Assisted Solution

by:btan
btan earned 250 total points (awarded by participants)
Comment Utility
Yes you can but as mentioned earlier you need to disable inheritance to customise the specific group or Users for the sub folder otherwise the access given in folder A takes precedence - meaning those users belonging to admin can still access all the sub folder (you notice they are included by default in the subfolder permission list of group).
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
As advised by experts.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now