Avatar of Member_2_7349958
Member_2_7349958
 asked on

How to secure access to a folder on windows server 2008 R2

How to restrict access to a shared network folder on Windows Server 2008 R2 to only one administrator account. We have 3 users with administrative rights in AD and need to have only one of them to have access to it. How to set sharing and security permissions?
Windows Server 2008SecurityNetworkingWindows NetworkingActive Directory

Avatar of undefined
Last Comment
masnrock

8/22/2022 - Mon
Emmanuel Adebayo

Create a group add the account that need access to the folder. Assign this group permission the require permission to the folder, i.e Shared permission - Full or Modify; NTFS - Full or Modify

Remove local admin or domain admin permission from the folder.

Regards
ASKER CERTIFIED SOLUTION
Mahesh

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
btan

Via NTFS security and remove Domain Administrators to the access of that folder. Then actually, specify explicitly the groups that should have access and make sure that Domain Admins are not included in any of those groups. Include that particular one Administrator as required.
Natty Greg

OU's makes things so simple, you can have organizational units and with 3 admins each assigned roles with certain privileges n one person I assume you to man the AD then non of this would be an issue, if you assign only one admin to share because the others wouldn't be able to assign themselves access.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
masnrock

Basically what Mahesh said. The easy side is changing the access to specifically what you want, the problem becomes preventing someone from changing those accesses back to where they were before.