Re: Directory Permissions - What gives?

and if Group A have 10k users and Group B have 15k users how a create and
maintain that group C?
and again if i delegate the rights to maintain that share how i will
restrict the delegated admin to not give rights to group D but can give
rights to what other group he wants?
--
Dragos CAMARA
MCSA Windows 2003 server


"SBS Rocker" wrote:

Oh I forgot to mention Group C which is a copy of Group A minus the members
of Group B. Which means you copy the inheritance from the parent folder,
remove Group A and Add Group B and Group C. But nothing else needed to be
done at the share level is required.

"SBS Rocker" <noreply@xxxxxxxxxxxx> wrote in message
news:%23VrSs7hyHHA.4824@xxxxxxxxxxxxxxxxxxxxxxx
Now that's what everyone here is talking about Dragos. You are creating
more work. If you had the parent folder shared at Everyone=FULL or even
better Authenticated Users=FULL you'll never have to modify the share
permissions again no matter what type of access you need to grant in the
folder or sub folder. All security is now controlled and managed at the
NFTS folder and sub folder levels.
There was a reason why pre W2K3 by default for a share was Everyone=FULL.
Now they have changed it to Everyone=Read. You may not agree with having
Everyone=FULL at the share level but you seem to agree with Authenticated
Users=FULL at the share level. Isn't the Guest account a member of
Everyone as well as Authenicated Users? That siad if you did it that way
there would be no reason to creating new groups or removing groups at
share level. Correct? All you would need to do at the parent FolderA and
sub folderB now is create one new group and give them Read access. Copy
the inherited NTFS permissions from the parent folder and add Group B and
have inheritance turned on at the sub level to all child folders.
That is the reasoning behind why you only need to apply one group at the
share level so you don't have to go back and do all the extra work at the
share level as you just explained.



"Dragos CAMARA" <dragos_c@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:707B3AF6-BA71-4A69-B0A6-04807F047C1A@xxxxxxxxxxxxxxxx
simple as a walking in a park :
create a group C give ntfs share permisions to that group, add group A
and B
to C, remove group A from share permission, give NTFS rights acording to
group A and B.

everyone group full access : includes anyone who has access to network
resources, including the Guest account - so keep to guest account with
that
rights
--
Dragos CAMARA
MCSA Windows 2003 server


"Albert Louis" wrote:

hmmmmmmmmmm this is all very interesting. Sure would like to see what
Dragos
response is to Eagles10 question. Dragos I'm almost embarrassed to have
read
your reply to Andrew instructing him to secure his folders at the share
level using groups. Makes the rest of us MCSA's look like we have no
creditability


"Eagles10" <bogus@xxxxxxxxx> wrote in message
news:%233TvKRWyHHA.4276@xxxxxxxxxxxxxxxxxxxxxxx
wow!!! looks like I stumbled into a very interesting thread. Did
anyone
ever resolve Andrew's issues? Let me throw in my cents here and try
not to
offend anyone. I'm going to have to agree with SBS Rocker simply
because
if you start applying users and groups at the share level you are
creating
more work and managing the ntfs folder permissions becomes quite a
task
Rocker is correct. You need to apply Everyone=FULL at the share level.
I'm
not sure what Dragos was thinking about offering his suggestion to add
groups to the share permissions. Afterall he is a MCSA and he should
know
better than that.

Dragos what happens if I give Group A FULL share permissions and
Modify
NTFS permissions on the folder. Now I have a subfolder that requires
part
od the users of Group A to have Modify and a new Group B to have read
access yet some of the members of Group B are members of Group A. Now
what
are you going to do?



"Andrew" <Andrew@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BF348C3A-D097-4852-AFB2-71978C5D6F81@xxxxxxxxxxxxxxxx
I shared a directory with one of our Windows 2003 servers and gave a
user
Full Control accesss to that directory. However, from his computer
where
he
is logged on, he can't copy and paste anything to that directory. If
he
remote desktop's into the server and logs on as himself, he can
browse to
another network share and pull the file over without any problems.

I never had this problem in Windows 2000. How do I configure a
directory
on
a Windows 2003 server so that people can "push" files to that folder
without
logging onto the server locally and "pulling" the files over?










.

Relevant Pages

  • RE: Windows 2003 Server - Everyone Group
    ... this folder only accessable by the users in the "special" group. ... Configure User and Group Access on an Intranet in Windows Server ... NTFS files system permissions control ... group that you want to set permissions for, click Check Names to verify the ...
    (microsoft.public.win2000.networking)
  • Re: Office Docs wont Open? and BU Drive not Recognized?
    ... Create a new Folder: ... On the server share... ... SHARING tab | Permissions | Share Permissions | Group or User Names ... If I copy the document to the local Client, the document opens ...
    (microsoft.public.windows.server.sbs)
  • Re: An NT Security Gotcha that looks like a Jet Security issue
    ... >people remotely via Windows Terminal Server. ... >code when it was run by a user that didn't have full permissions on ... There's a top-level DATA folder, ... >ApplicantsDB and Quickbooks. ...
    (comp.databases.ms-access)
  • Re: Exchange Move Issues?
    ... I'm a bit confused on what permissions to assign for SBS, ... When you finish moving the databases, ... You can move the log files and database files to any folder that you want to ... Note Only assign permissions to the Server Operators group if the Exchange ...
    (microsoft.public.windows.server.sbs)
  • Re: MS - Access Issues
    ... I don't see anything anywhere for NTFS folder permissions. ... Nor can it find the domain server. ... checked to bypass proxy server for local addresses. ...
    (microsoft.public.windows.server.sbs)