Re: Assigning permissions to users



In news:%23Ud%232nHHHHA.2632@xxxxxxxxxxxxxxxxxxxx,
Greg de Bruin <someone@xxxxxxxxxxxxx> stated, which I commented on below:
I am from the Netware world and new to Windows Server.

I have set up an Active Directory and added Users and Groups. I
would like to assign folder permissions to various groups. Here is
an example of what I want to do:

Root directory is G:. Only Domain Admins have right to add or delete
folders at this level.

Below that is Administration. Let everyone see that folder but only
members of grpFinance can see it.

Below that is Finance2006. No one but Domain Admins and grpFinance
can see the folder. grpFinance can do whatever they want at this
level.
Also below Administration is a folder called Forms. All Domain Users
can see this folder, can't delete it, can add or edit files to it,
but can't delete files in it.

Can anyone give me the permission assignments I would use to set up
all of the above?

Thanks,

Greg

Try this:

In your scenario, I would suggest to not use the volume root, but rather
create a subfolder called Administration. We'll make this our security area
to control for access. Unlike Netware, the volume root is already shared FC
access only to Domain and Local Admins, as well as System, etc. Let's leave
that be.

Therefore let's try this based on what you posted (I thought this through
within a minute or so, so pardon any errors):

G:\Administration
Share as "Administration"
Share permissions:
Remove Everyone
Domain Admins FC
Authenticated Users: C

NTFS permissions:
Remove Everyone
Authenticated Users: R
Finance Group: M


G:\Administration\Finance2006
NTFS Permissions:
Remove Inheritance
Remove Everyone
Remove Auth Users
Domain Admins: FC
Finance Group: M


G:\Administration\Forms
NTFS Permissions:
Remove Inheritance
Remove Everyone
Domain Admins: FC
Authenticated Users: R

Notice no user accounts have FC. Also notice I use Authenticated Users and
NOT the Everyone group, since it comprises more than just Auth Users. Domain
Users and Authenticated Users are close in description, however I would like
to look at Authenticated Users as someone that has already logged in
successfully.

I would then document it with enough detail so my 10 year old can easily
read it and re-apply permissions if they needed to reconstruct it. (Well,
almost.)

Please also read my reply to Kurt, which was more meant for you, but I had
already written and sent it prematurely and meant to put most of it here.


--
Ace
Innovative IT Concepts, Inc (IITCI)
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only constant in life is change...
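
The layout from the reply above, scripted with icacls and New-SmbShare. This is an added example, not part of the original post. Assumptions: EXAMPLE is a placeholder domain name, "Finance Group" is the grpFinance group from the question, "Remove Inheritance" is done as copy-then-prune (/inheritance:d), and New-SmbShare requires Windows Server 2012 or later.

```powershell
# Added example (not from the original post). EXAMPLE is a placeholder domain.
$Domain    = 'EXAMPLE'
$Admins    = "$Domain\Domain Admins"
$Finance   = "$Domain\grpFinance"          # "Finance Group" in the reply
$Everyone  = '*S-1-1-0'                    # well-known SID: Everyone
$AuthUsers = '*S-1-5-11'                   # well-known SID: Authenticated Users
$Root      = 'G:\Administration'
$Folders   = $Root, "$Root\Finance2006", "$Root\Forms"

New-Item -ItemType Directory -Force -Path $Folders | Out-Null

# Share permissions: Domain Admins FC, Authenticated Users Change, no Everyone.
New-SmbShare -Name 'Administration' -Path $Root -FullAccess $Admins `
    -ChangeAccess 'NT AUTHORITY\Authenticated Users' | Out-Null

# G:\Administration: inheritance stays on, only explicit ACEs change.
icacls $Root /remove:g $Everyone
icacls $Root /grant:r "${AuthUsers}:(OI)(CI)R" "${Finance}:(OI)(CI)M"

# Finance2006: copy inherited ACEs to explicit ones, then prune and re-grant.
icacls "$Root\Finance2006" /inheritance:d
icacls "$Root\Finance2006" /remove:g $Everyone $AuthUsers
icacls "$Root\Finance2006" /grant:r "${Admins}:(OI)(CI)F" "${Finance}:(OI)(CI)M"

# Forms: Read only for Authenticated Users, exactly as posted. ACEs copied from
# the parent that the reply does not list (grpFinance Modify) stay in place.
icacls "$Root\Forms" /inheritance:d
icacls "$Root\Forms" /remove:g $Everyone
icacls "$Root\Forms" /grant:r "${Admins}:(OI)(CI)F" "${AuthUsers}:(OI)(CI)R"

# Check the result: report any ACE for Everyone, and any ACE for
# Authenticated Users on Finance2006. SIDs are compared, so this is
# independent of the display language of the server.
function Test-PostedLayout {
    param([string[]]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($p in $Path) {
        foreach ($ace in (Get-Acl -Path $p).Access) {
            $sid = $ace.IdentityReference.Translate($sidType).Value
            $src = if ($ace.IsInherited) { 'inherited' } else { 'explicit' }
            if ($sid -eq 'S-1-1-0') {
                "${p}: Everyone has $($ace.FileSystemRights) ($src)"
            }
            if ($sid -eq 'S-1-5-11' -and $p -like '*\Finance2006') {
                "${p}: Authenticated Users has $($ace.FileSystemRights) ($src)"
            }
        }
    }
}
Test-PostedLayout -Path $Folders   # no output means nothing unexpected was found
```

An "inherited" Everyone entry reported on G:\Administration comes from the volume root; /remove:g only removes explicit ACEs, so that one has to be handled where it is defined.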


