?
Solved

ACTIVE DIRECTORY

Posted on 2016-09-15
4
Medium Priority
?
106 Views
Last Modified: 2016-09-20
I have security groups named accounting  franchising and clerk security group each are having 2 persons as members.

This group has access to M drive on windows server 2008, on that M drive  we have data\departments\ and various other folders like budget, pricing, MS,Accounts , debit and credit folders.

each group needs access to their folders only so that other security group members don't see them (access based enumeration)

how can I implement that each group has access to their folders like

accounting security group members have access to budget and pricing only. while clerk security group has access to debit and credit folders only.
0
Comment
Question by:pramod1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 41800793
Implement Access Based Enumeration on the shares.
0
 
LVL 4

Expert Comment

by:El Fierro
ID: 41800821
you can keep it simple and apply the security group to the specific folder,
in the security rights on the folder and/or the share, do exactly as you would to add in a user, only instead of the username put in the groupname (you will see at the top of the security rights box when you are typing in the user/group name it will say "Users or Groups"
0
 
LVL 12

Accepted Solution

by:
Sandeep earned 2000 total points
ID: 41801280
In Data Folder's security group, add all the User Groups and give them read only access. Make sure on this folder you give Administrators Group Full permissions so you can manage the permissions.

Now up department do not make any changes.

Now select individual folders for example Pricing or Budget. In security tabs for these folders in Advanced Properties uncheck the Inheritance Mark from the Parent folder. But do copy the permissions when prompted after you uncheck it so All the permissions what Department folder has will get copied to your individual folder.

Now remove all the groups except leaving behind Account Group and Administrators Group. If you want Account group to have modify permissions set here like wise.

Similarly do this for other folders.

This will help you to make visible only those folders which are used by that particular department. On actual server all folders will be visible to you as you got full access on all the folder but users department wise can see their relevant folders.

Hope that make sense, if you still got any doubts let us know.
0
 

Author Comment

by:pramod1
ID: 41807907
I did exactly as what you told, but the users I have added can add but cant copy from other directory , is it something I am missing
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month10 days, 14 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question