We don't want folders on server to be accessed by everyone

Goal:  I want to only give access to the individual themselves, the administrator and on some of them one or two other people.  

We have a server that is running Windows Server 2012.    The files that people save into their individual folders on the were originally set up so that everyone can access them.   When I right click on he parent folder and the individual folders inside and go to Properties and Security there is  "Administrators",  Administrator", "System", and "Users".    
On the individual folders, I can add the individual but the "users" group is still present and can access the folder.  I tried to remove Users but it says if a person has rights in two groups and you remove one group, then that is the over riding rule (No access).   How do I begin to change this so I can accomplish the goal above?
syssolutAsked:
Who is Participating?
 
btanConnect With a Mentor Exec ConsultantCommented:
User has to be given ownership to their folder and also disable inheritance ro futher customise who can be allowed. See the step through

http://www.online-tech-tips.com/computer-tips/set-file-folder-permissions-windows/
0
 
Schnell SolutionsConnect With a Mentor Systems Infrastructure EngineerCommented:
You can remove the group. The user just need to be listed once in the permissions (without groups), or... anyone of his/her groups is enough to allow the permission. (You do not need the combination of both).
0
 
arnoldConnect With a Mentor Commented:
Instead of starting from what you do not want, start with what you do want and to whom you wish to grant access and the type of access.
From the Share permission tab, you can grant sharing rights which are superseded by security permissions.

The more restrictive rule will apply, so long as you do not have a deny rule on users, a user that is a member of two groups may have rights to ....

You can use icacls as well as advanced under the security tab, to check a user's effective permissions to confirm that the user will have rights to the folder/contents ......

The structure of the folders could also impact, i.e. if you have hierarchical
top administrators have full rights, system has full rights and domain users have listing rights on this level only......
subfolder1, add user1
subfolder2 add user2
subfolder3 add user3

The sharing permissions will be less restrictive as you can grant the full rights to domain users
The effect while user1, user2 will see subfolder3 they will not be permitted to access each others nor user3's folder.

What types of folders are these? One option could be to use redirected folders documents, desktop, etc.
another option could be to use mapped drives using GPP to deploy specific "drives" to users.......whose top level will have the rights you want, etc......system, administrators, but each user will have drive M: for example locked into their folder without being able to see the contents from the others.......
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
syssolutAuthor Commented:
So lets say I have Folder "A" and everyone has full control because in this folder are individual folders for Bob, Mary, Alice, Ken and Karen.   On each of these individual folders everyone has full rights at this time (along with SYSTEM, Administrators, and Administrator).   Can I go to the individual folder, say Mary's and add Mary in the Security,  then delete the "USERS" from Mary's folder?   This way Everyone has rights to the Folder "A" but then only Mary has rights to Mary's folder and no one else (except SYSTEM, Administrators and administrator)?
0
 
arnoldConnect With a Mentor Commented:
On the Share folder you have two tabs, sharing and security. This is where you set what the user that accesses this share sees.
The security settings on this and subsequent folders will dictate how far each user who accesses the share can go.

Note on the security settings, if you have inheritance enabled. the TOP folder will dictate what subfolders have.


Yes, you can but for that you would first have to terminate inheritance, and copy the existing settings.
Then adjust the security parameters as you see fit.
0
 
btanConnect With a Mentor Exec ConsultantCommented:
Yes you can but as mentioned earlier you need to disable inheritance to customise the specific group or Users for the sub folder otherwise the access given in folder A takes precedence - meaning those users belonging to admin can still access all the sub folder (you notice they are included by default in the subfolder permission list of group).
0
 
btanExec ConsultantCommented:
As advised by experts.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.