Solved

We don't want folders on server to be accessed by everyone

Posted on 2016-09-06
8
45 Views
Last Modified: 2016-09-29
Goal:  I want to only give access to the individual themselves, the administrator and on some of them one or two other people.  

We have a server that is running Windows Server 2012.    The files that people save into their individual folders on the were originally set up so that everyone can access them.   When I right click on he parent folder and the individual folders inside and go to Properties and Security there is  "Administrators",  Administrator", "System", and "Users".    
On the individual folders, I can add the individual but the "users" group is still present and can access the folder.  I tried to remove Users but it says if a person has rights in two groups and you remove one group, then that is the over riding rule (No access).   How do I begin to change this so I can accomplish the goal above?
0
Comment
Question by:syssolut
8 Comments
 
LVL 14

Assisted Solution

by:Schnell Solutions
Schnell Solutions earned 125 total points (awarded by participants)
ID: 41787076
You can remove the group. The user just need to be listed once in the permissions (without groups), or... anyone of his/her groups is enough to allow the permission. (You do not need the combination of both).
0
 
LVL 62

Accepted Solution

by:
btan earned 250 total points (awarded by participants)
ID: 41787084
User has to be given ownership to their folder and also disable inheritance ro futher customise who can be allowed. See the step through

http://www.online-tech-tips.com/computer-tips/set-file-folder-permissions-windows/
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 125 total points (awarded by participants)
ID: 41787155
Instead of starting from what you do not want, start with what you do want and to whom you wish to grant access and the type of access.
From the Share permission tab, you can grant sharing rights which are superseded by security permissions.

The more restrictive rule will apply, so long as you do not have a deny rule on users, a user that is a member of two groups may have rights to ....

You can use icacls as well as advanced under the security tab, to check a user's effective permissions to confirm that the user will have rights to the folder/contents ......

The structure of the folders could also impact, i.e. if you have hierarchical
top administrators have full rights, system has full rights and domain users have listing rights on this level only......
subfolder1, add user1
subfolder2 add user2
subfolder3 add user3

The sharing permissions will be less restrictive as you can grant the full rights to domain users
The effect while user1, user2 will see subfolder3 they will not be permitted to access each others nor user3's folder.

What types of folders are these? One option could be to use redirected folders documents, desktop, etc.
another option could be to use mapped drives using GPP to deploy specific "drives" to users.......whose top level will have the rights you want, etc......system, administrators, but each user will have drive M: for example locked into their folder without being able to see the contents from the others.......
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:syssolut
ID: 41792954
So lets say I have Folder "A" and everyone has full control because in this folder are individual folders for Bob, Mary, Alice, Ken and Karen.   On each of these individual folders everyone has full rights at this time (along with SYSTEM, Administrators, and Administrator).   Can I go to the individual folder, say Mary's and add Mary in the Security,  then delete the "USERS" from Mary's folder?   This way Everyone has rights to the Folder "A" but then only Mary has rights to Mary's folder and no one else (except SYSTEM, Administrators and administrator)?
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 125 total points (awarded by participants)
ID: 41792982
On the Share folder you have two tabs, sharing and security. This is where you set what the user that accesses this share sees.
The security settings on this and subsequent folders will dictate how far each user who accesses the share can go.

Note on the security settings, if you have inheritance enabled. the TOP folder will dictate what subfolders have.


Yes, you can but for that you would first have to terminate inheritance, and copy the existing settings.
Then adjust the security parameters as you see fit.
0
 
LVL 62

Assisted Solution

by:btan
btan earned 250 total points (awarded by participants)
ID: 41793040
Yes you can but as mentioned earlier you need to disable inheritance to customise the specific group or Users for the sub folder otherwise the access given in folder A takes precedence - meaning those users belonging to admin can still access all the sub folder (you notice they are included by default in the subfolder permission list of group).
0
 
LVL 62

Expert Comment

by:btan
ID: 41821335
As advised by experts.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
OfficeMate Freezes on login or does not load after login credentials are input.
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now