Re: Folder Permissions Question - Server 2003
- From: Leythos <spam999free@xxxxxxxxxx>
- Date: Thu, 3 Dec 2009 11:25:39 -0500
In article <66E4B814-1FC1-4255-B73C-B7131C307D3B@xxxxxxxxxxxxx>,
Mike@xxxxxxxxxxxxxxxxxxxxxxxxx says...
Hi, I have a disk (Windows 2003 Server) set aside for storing files/folders
for all users in our small domain. I few subfolders I want to only allow
access to some users. Is the right way to do this, to add those users
individually to the security of that folder with proper access rights, remove
the inherit from parent folder, and deny the domain\users access - or will
that deny all users access?
I want individual user to have access, but other users to get a permission
denied message if they click on these subfolders.
Thanks for any advice.
You don't use DENY when you can avoid it.
As for security and how to, using GROUPS and then adding members to the
GROUPS where the security is applied to the GROUP is the best way.
So, lets say you have a network share called ACCOUNTING (Drive T):
You create a security group called SG_Accounting, then add the people
that have permission for the Accounting group to the SG_Accounting group
membership.
On the ACCOUNTING SHARE you uncheck Inherit permissions, select COPY,
remove the "Domain Users" group, then ADD SG_Accounting, you could stop
here, and it would block everyone that isn't a member of SG_Accounting,
but, people that are members can change ownership and access, so you
want to use the Advanced Edit for permissions and remove Take Ownership
and the other one at the bottom of the list - set those to DENY for
SG_Accounting.
If you have a Share called ACCOUNTING and a folder inside ACCOUNTING
called "COMPANY2", and you want to block access to COMPANY2 for some
users, well, I would move COMPANY2 out of the ACCOUNTING share and
create a new share, with a new Security Group...
When you start messing with Deny or different permissions within folders
it can get real messy if you don't keep strict control/track of it.
--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free@xxxxxxxxxx (remove 999 for proper email address)
.
- References:
- Folder Permissions Question - Server 2003
- From: Mike
- Folder Permissions Question - Server 2003
- Prev by Date: Re: Windows Server 2003 Shadow Copy Client
- Next by Date: RE: Event ID 1076 Reason Code: 0xa000000 server unexpected reboot
- Previous by thread: Re: Folder Permissions Question - Server 2003
- Next by thread: Windows Server 2003 Shadow Copy Client
- Index(es):
Relevant Pages
|
