Rajat Sehgal
asked on
How to restrict to folder access in Windows Server 2012
Hello Experts,
We've created remote desktop users in windows server 2012 R2 Standard & every user have an own folder in D: drive, how to restrict to folder access to user among themselves along with d: drive. Only one folder everyone can access e.g. D:\FTP.
e.g.
Remote User Folder in D:\ Allowed Access Restrict Access
administrator N/A Complete D:\ N/A
Philips Philips Philips Dell, Root, Wendy, Manager
Dell Dell Dell Philips, Root, Wendy, Manager
Root Root Root Philips, Dell, Wendy, Manager
Wendy Wendy Wendy Philips, Dell, Root, Manager
Manager Manager Manager Philips, Dell, Root, Wendy
N/A FTP ALL Users N/A
We've created remote desktop users in windows server 2012 R2 Standard & every user have an own folder in D: drive, how to restrict to folder access to user among themselves along with d: drive. Only one folder everyone can access e.g. D:\FTP.
e.g.
Remote User Folder in D:\ Allowed Access Restrict Access
administrator N/A Complete D:\ N/A
Philips Philips Philips Dell, Root, Wendy, Manager
Dell Dell Dell Philips, Root, Wendy, Manager
Root Root Root Philips, Dell, Wendy, Manager
Wendy Wendy Wendy Philips, Dell, Root, Manager
Manager Manager Manager Philips, Dell, Root, Wendy
N/A FTP ALL Users N/A
ASKER
Hi Andy,
I already tried with same procedure, but no luck.
I already tried with same procedure, but no luck.
Can you post a screenshot of the NTFS settings for one of the folders? This should work fine to restrict users getting into folders unless there's an incorrect setting or some permission inheritance going on.
You will need to share the folder with the individual users as well as set NTFS security permissions. One without thebother wont allow access.
Stay away from the 'simple' share method - using that will conflict with NTFS permissions as only one of the two should be used. The simple sharing method only handles read, write, contribute, owner. NTFS gets granular to the actions allowed and the two do not work together properly.
Stay away from the 'simple' share method - using that will conflict with NTFS permissions as only one of the two should be used. The simple sharing method only handles read, write, contribute, owner. NTFS gets granular to the actions allowed and the two do not work together properly.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We dont have Domain or Domain users, using work group only without AD. Unable to understand point no.4 & 8 please explain ?
> Unable to understand point no.4 & 8 please explain
Ok. Instead of Domain Admins, use Administrators
Ok. Instead of Domain Admins, use Administrators
We dont have Domain or Domain users, using work group only without AD
In that case keep in mind users will need to connect with the same credentials on the file host server, not their computer (unless you keep these identical) as they are effectively separate accounts.
More details on workgroup shared folders here which may help: https://support.microsoft.com/en-gb/help/323420/how-to-share-files-and-folders-over-a-network-for-workgroups-in-window
ASKER
Hi NVIT,
Now working, Thanks .
Please let me know :-
Need to start application (run as administrator) from user it is asking for administrator password, how can i run my application from user without need password ? or can i set administrator password in UAC only for particular application ? or is there any way to assign administrator rights only to that application start/login purpose ?
e.g.
User Application Folder
Philips D:/Philips/Login/one.exe
Manager D:/Manage/Micro/one.exe
Some settings which we have done from administrator, it should be apply on users automatically after the changes on administrator. Is this possible ?
e.g.
Right click on desktop>View>Medium icons
Right click on desktop>View>Auto arrange icons
Right click on desktop>View>Show desktop icons
Right click on desktop>Sort by>Name
Unpin default utility from the taskbar Like File Explorer, Windows PowerShell, Server Manager
Control Panel>Appearance and Personalization>Personaliz ation>sele ct Computer, Recycle Bin
Control Panel>All Control Panel Items>Taskbar and Navigation>Taskbar and Navigation Properties>Taskbar>Select Lock the taskbar, Use small taskbar buttons
Control Panel>All Control Panel Items>Notification Area Icons>Under Icons>Action Center>Under Behaviors>Hide icon and notifications
Control Panel>All Control Panel Items>Notification Area Icons>System Icons>Turn system icon on or off>Under system icons>Action Center>Under Behaviors>select off
Now working, Thanks .
Please let me know :-
Need to start application (run as administrator) from user it is asking for administrator password, how can i run my application from user without need password ? or can i set administrator password in UAC only for particular application ? or is there any way to assign administrator rights only to that application start/login purpose ?
e.g.
User Application Folder
Philips D:/Philips/Login/one.exe
Manager D:/Manage/Micro/one.exe
Some settings which we have done from administrator, it should be apply on users automatically after the changes on administrator. Is this possible ?
e.g.
Right click on desktop>View>Medium icons
Right click on desktop>View>Auto arrange icons
Right click on desktop>View>Show desktop icons
Right click on desktop>Sort by>Name
Unpin default utility from the taskbar Like File Explorer, Windows PowerShell, Server Manager
Control Panel>Appearance and Personalization>Personaliz
Control Panel>All Control Panel Items>Taskbar and Navigation>Taskbar and Navigation Properties>Taskbar>Select Lock the taskbar, Use small taskbar buttons
Control Panel>All Control Panel Items>Notification Area Icons>Under Icons>Action Center>Under Behaviors>Hide icon and notifications
Control Panel>All Control Panel Items>Notification Area Icons>System Icons>Turn system icon on or off>Under system icons>Action Center>Under Behaviors>select off
> Now working, Thanks .
Please close this question and award points.
> Need to start application (run as administrator) from user
> Some settings which we have done from administrator
This sounds like 2 new questions. Please open a new question for each
Please close this question and award points.
> Need to start application (run as administrator) from user
> Some settings which we have done from administrator
This sounds like 2 new questions. Please open a new question for each
ASKER
Agreed going to close.
Thanks
Thanks
(Right-click the folder, go to security, remove the generic "users" access and add the required user accounts in with the level of access needed).Note that you will need to stop inheritance of permissions from the root level of the folders to amend the permissions.
Or to make life easier, create a security group for each folder, add the security group to the NTFS permissions instead of the individual user accounts and then add the required users to the groups. That way if you ever need to change which users have access to the folder you simply remove/add them from groups rather than having to mess about with the permissions on each folder again.