Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

ACTIVE DIRECTORY

Posted on 2016-09-15
4
Medium Priority
?
110 Views
Last Modified: 2016-09-20
I have security groups named accounting  franchising and clerk security group each are having 2 persons as members.

This group has access to M drive on windows server 2008, on that M drive  we have data\departments\ and various other folders like budget, pricing, MS,Accounts , debit and credit folders.

each group needs access to their folders only so that other security group members don't see them (access based enumeration)

how can I implement that each group has access to their folders like

accounting security group members have access to budget and pricing only. while clerk security group has access to debit and credit folders only.
0
Comment
Question by:pramod1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 41800793
Implement Access Based Enumeration on the shares.
0
 
LVL 4

Expert Comment

by:El Fierro
ID: 41800821
you can keep it simple and apply the security group to the specific folder,
in the security rights on the folder and/or the share, do exactly as you would to add in a user, only instead of the username put in the groupname (you will see at the top of the security rights box when you are typing in the user/group name it will say "Users or Groups"
0
 
LVL 12

Accepted Solution

by:
Sandeep earned 2000 total points
ID: 41801280
In Data Folder's security group, add all the User Groups and give them read only access. Make sure on this folder you give Administrators Group Full permissions so you can manage the permissions.

Now up department do not make any changes.

Now select individual folders for example Pricing or Budget. In security tabs for these folders in Advanced Properties uncheck the Inheritance Mark from the Parent folder. But do copy the permissions when prompted after you uncheck it so All the permissions what Department folder has will get copied to your individual folder.

Now remove all the groups except leaving behind Account Group and Administrators Group. If you want Account group to have modify permissions set here like wise.

Similarly do this for other folders.

This will help you to make visible only those folders which are used by that particular department. On actual server all folders will be visible to you as you got full access on all the folder but users department wise can see their relevant folders.

Hope that make sense, if you still got any doubts let us know.
0
 

Author Comment

by:pramod1
ID: 41807907
I did exactly as what you told, but the users I have added can add but cant copy from other directory , is it something I am missing
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question