Solved

ACTIVE DIRECTORY

Posted on 2016-09-15
4
101 Views
Last Modified: 2016-09-20
I have security groups named accounting  franchising and clerk security group each are having 2 persons as members.

This group has access to M drive on windows server 2008, on that M drive  we have data\departments\ and various other folders like budget, pricing, MS,Accounts , debit and credit folders.

each group needs access to their folders only so that other security group members don't see them (access based enumeration)

how can I implement that each group has access to their folders like

accounting security group members have access to budget and pricing only. while clerk security group has access to debit and credit folders only.
0
Comment
Question by:pramod1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 41800793
Implement Access Based Enumeration on the shares.
0
 
LVL 4

Expert Comment

by:El Fierro
ID: 41800821
you can keep it simple and apply the security group to the specific folder,
in the security rights on the folder and/or the share, do exactly as you would to add in a user, only instead of the username put in the groupname (you will see at the top of the security rights box when you are typing in the user/group name it will say "Users or Groups"
0
 
LVL 12

Accepted Solution

by:
Sandeep earned 500 total points
ID: 41801280
In Data Folder's security group, add all the User Groups and give them read only access. Make sure on this folder you give Administrators Group Full permissions so you can manage the permissions.

Now up department do not make any changes.

Now select individual folders for example Pricing or Budget. In security tabs for these folders in Advanced Properties uncheck the Inheritance Mark from the Parent folder. But do copy the permissions when prompted after you uncheck it so All the permissions what Department folder has will get copied to your individual folder.

Now remove all the groups except leaving behind Account Group and Administrators Group. If you want Account group to have modify permissions set here like wise.

Similarly do this for other folders.

This will help you to make visible only those folders which are used by that particular department. On actual server all folders will be visible to you as you got full access on all the folder but users department wise can see their relevant folders.

Hope that make sense, if you still got any doubts let us know.
0
 

Author Comment

by:pramod1
ID: 41807907
I did exactly as what you told, but the users I have added can add but cant copy from other directory , is it something I am missing
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question