Solved

ACTIVE DIRECTORY

Posted on 2016-09-15
4
66 Views
Last Modified: 2016-09-20
I have security groups named accounting  franchising and clerk security group each are having 2 persons as members.

This group has access to M drive on windows server 2008, on that M drive  we have data\departments\ and various other folders like budget, pricing, MS,Accounts , debit and credit folders.

each group needs access to their folders only so that other security group members don't see them (access based enumeration)

how can I implement that each group has access to their folders like

accounting security group members have access to budget and pricing only. while clerk security group has access to debit and credit folders only.
0
Comment
Question by:pramod1
4 Comments
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 41800793
Implement Access Based Enumeration on the shares.
0
 
LVL 4

Expert Comment

by:El Fierro
ID: 41800821
you can keep it simple and apply the security group to the specific folder,
in the security rights on the folder and/or the share, do exactly as you would to add in a user, only instead of the username put in the groupname (you will see at the top of the security rights box when you are typing in the user/group name it will say "Users or Groups"
0
 
LVL 12

Accepted Solution

by:
Sandeep earned 500 total points
ID: 41801280
In Data Folder's security group, add all the User Groups and give them read only access. Make sure on this folder you give Administrators Group Full permissions so you can manage the permissions.

Now up department do not make any changes.

Now select individual folders for example Pricing or Budget. In security tabs for these folders in Advanced Properties uncheck the Inheritance Mark from the Parent folder. But do copy the permissions when prompted after you uncheck it so All the permissions what Department folder has will get copied to your individual folder.

Now remove all the groups except leaving behind Account Group and Administrators Group. If you want Account group to have modify permissions set here like wise.

Similarly do this for other folders.

This will help you to make visible only those folders which are used by that particular department. On actual server all folders will be visible to you as you got full access on all the folder but users department wise can see their relevant folders.

Hope that make sense, if you still got any doubts let us know.
0
 

Author Comment

by:pramod1
ID: 41807907
I did exactly as what you told, but the users I have added can add but cant copy from other directory , is it something I am missing
0

Join & Write a Comment

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now