Solved

ACTIVE DIRECTORY

Posted on 2016-09-15
4
79 Views
Last Modified: 2016-09-20
I have security groups named accounting  franchising and clerk security group each are having 2 persons as members.

This group has access to M drive on windows server 2008, on that M drive  we have data\departments\ and various other folders like budget, pricing, MS,Accounts , debit and credit folders.

each group needs access to their folders only so that other security group members don't see them (access based enumeration)

how can I implement that each group has access to their folders like

accounting security group members have access to budget and pricing only. while clerk security group has access to debit and credit folders only.
0
Comment
Question by:pramod1
4 Comments
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 41800793
Implement Access Based Enumeration on the shares.
0
 
LVL 4

Expert Comment

by:El Fierro
ID: 41800821
you can keep it simple and apply the security group to the specific folder,
in the security rights on the folder and/or the share, do exactly as you would to add in a user, only instead of the username put in the groupname (you will see at the top of the security rights box when you are typing in the user/group name it will say "Users or Groups"
0
 
LVL 12

Accepted Solution

by:
Sandeep earned 500 total points
ID: 41801280
In Data Folder's security group, add all the User Groups and give them read only access. Make sure on this folder you give Administrators Group Full permissions so you can manage the permissions.

Now up department do not make any changes.

Now select individual folders for example Pricing or Budget. In security tabs for these folders in Advanced Properties uncheck the Inheritance Mark from the Parent folder. But do copy the permissions when prompted after you uncheck it so All the permissions what Department folder has will get copied to your individual folder.

Now remove all the groups except leaving behind Account Group and Administrators Group. If you want Account group to have modify permissions set here like wise.

Similarly do this for other folders.

This will help you to make visible only those folders which are used by that particular department. On actual server all folders will be visible to you as you got full access on all the folder but users department wise can see their relevant folders.

Hope that make sense, if you still got any doubts let us know.
0
 

Author Comment

by:pramod1
ID: 41807907
I did exactly as what you told, but the users I have added can add but cant copy from other directory , is it something I am missing
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now