Re: ABE Help
- From: Scott Lowe <slowe@xxxxxxxxx>
- Date: Tue, 2 May 2006 09:32:29 -0400
On 2006-04-30 23:13:01 -0400, Perry <Perry@xxxxxxxxxxxxxxxxxxxxxxxxx> said:
I really hate to sound stupid here but i'm having an issue controlling access to files and folders in a Win2K3 server. I had to transfer everyone's user folders from a Novell server to the new 2K3 server and now I have to give them exclusive rights to their own user folder. I have a shared folder setup called "users" and no matter what I set the rights to all users can still see the folder list of the other users. I'm trying to follow this Access-base enumeration and i'm kind of stuck on it. I can really use a puch on this one if anyone cares to lend a hand. I also need to understand what this is trying to do. I come from teh Novell world and granting access rights aren't this difficult. Any HELP is rally appreciated. Thanks.
PT
First, note that ABE is only supported with Windows Server 2003 SP1 or later. If you haven't yet installed SP1, then ABE won't work.
Second, ABE only works across the network. If you are viewing files in the Users folder locally, you won't see anything.
Third, ABE doesn't affect administrators. Administrators always see everything.
Finally, keep inheritance in mind. If you've granted "Read and Execute" permission for users on the Users folder (which would typically be necessary for them to see the contents of that folder), then--by default--those permissions will flow onto the subfolders in the Users folder. You have two ways to address that--you can turn off inheritance on each subfolder, or you can specify that the permissions on the Users folder should only be applied to that folder only. Both of these settings can be found on the Advanced Security Settings dialog box, accessed by clicking on "Advanced..." on the Security tab of the folder's properties dialog box.
Permissions in the Windows world can be a bit confusing, especially when coming from a Novell background. The easiest thing to do is set the share permissions (when you shared the folder) to something fairly reasonable, like "Users: Modify" or similar (also add a Full Control for Administrators). Then lock down the permissions at the file system/NTFS level, where you can be much more granular with the permissions. The more strict permissions are the permissions that are in effect.
HTH.
--
Regards,
Scott Lowe
ePlus Technology, Inc.
.
- Follow-Ups:
- Re: ABE Help
- From: Perry
- Re: ABE Help
- Prev by Date: Re: Which ports to open for Remote Desktop?
- Next by Date: Re: IAS
- Previous by thread: "The account is no authorized to log in from this workstation..."
- Next by thread: Re: ABE Help
- Index(es):
Relevant Pages
|
