RE: Users access folrders
- From: v-yanniw@xxxxxxxxxxxxxxxxxxxx ("Jenny wu [MSFT]")
- Date: Mon, 15 Aug 2005 11:34:36 GMT
Hi,
Thanks for posting here!
For your description, I understand that you want to know how to set
exclusive access permission to user's my document. If I am off base, please
don't hesitate to let me know.
To make sure that only the user and the domain administrators have
permissions to open a particular redirected folder, do the following:
1. Select a central location in your environment where you would like to
store Folder Redirection, and then share this folder. In this example,
FLDREDIR is used.
2. Set Share Permissions for the Everyone group to Full Control.
3. Use the following settings for NTFS Permissions: o CREATOR OWNER - Full
Control (Apply onto: Subfolders and Files Only)
**** System - Full Control (Apply onto: This Folder, Subfolders and Files)
**** Domain Admins - Full Control (Apply onto: This Folder, Subfolders and
Files)
****Everyone - Create Folder/Append Data (Apply onto: This Folder Only)
****Everyone - List Folder/Read Data (Apply onto: This Folder Only)
****Everyone - Read Attributes (Apply onto: This Folder Only)
****Everyone - Traverse Folder/Execute File (Apply onto: This Folder Only)
4. Configure Folder Redirection Policy as outlined in Windows Help. Use a
path similar to \\server\FLDREDIR\username to create a folder under the
shared folder, FLDREDIR. The detail steps are:
A. Open Active Directory Computers and Users snap-in.
B. Open the Group Policy edit window (as your requirement)
a. Locate the appropriate OU or container and click Properties.
b. In the Group Policy tab, create a new group policy, and click Edit to
open the Group Policy edit window.
Or you can locate the default group policy in Group Policy Management
(Server Management console -> Advanced Management -> Group Policy
Management) and then right click it to click Edit to open the Group Policy
edit window
C. Locate the following group policy:
[User Configuration\Windows Settings\Folder Redirection\My documents]
D. Right click 'My documents', and then click Properties.
E. Select "Advanced settings: Specify locations for various user groups".
F. Click Add to select the user group that you want to restrict permission,
and specify the FLDREDIR share folder as \\server\ FLDREDIR .
G. Select the Settings property page, and click to check the "Grant user
exclusive rights to my documents". You can also configure other settings
according to your requirement.
H. Close all windows.
I. Click Start, and click Run.
G. Type "cmd" in the text box, and click OK.
K. Type the following command to refresh the group policy settings:
SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE
5. Logon as a user in the group to test.
Because the Everyone group has the Create Folder/Append Data right, the
group members have the proper permissions to create the folder; however,
the members are not able to read the data afterwards. The Username group is
the name of the user that was logged on when you created the folder.
Because the folder is a child of the parent folder, it inherits the
permissions that you assigned to FLDREDIR. Also, because the user is
creating the folder, the user gains full control of the folder because of
the Creator Owner Permission setting.
For additional information, click the article number below to view the
article in the Microsoft Knowledge Base:
How to dynamically create security-enhanced redirected folders by using
folder redirection in Windows 2000 and in Windows Server 2003
http://support.microsoft.com/kb/274443/
232692 Folder Redirection Feature in Windows
http://support.microsoft.com/?id=232692
288991 Enabling the Administrator to Have Access to Redirected Folders
http://support.microsoft.com/?id=288991
Hope this helps! If you have any further concern or question about the
issue, please feel free to let me know. I am looking forward to you!
Have a nice day!
Best Regards,
Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>Thread-Topic: Users access folrders
>thread-index: AcWgQJyUQtXhC6yYQeKEr1radiuLEQ==
>X-WBNR-Posting-Host: 67.63.18.98
>From: "=?Utf-8?B?U0JTMjAwMw==?=" <SBS2003@xxxxxxxxxxxxxxxxxxxxxxxxx>
>Subject: Users access folrders
>Date: Sat, 13 Aug 2005 12:53:01 -0700
>Lines: 7
>Message-ID: <117193DF-6A5E-424C-8147-92170DF48377@xxxxxxxxxxxxx>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:144022
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>I run the wizard to add users... how can I have each user access his own
>folder for some reasons i can't remove domain users from the share folder
and
>if i disable inhiritable permission it looks like i have to add people
>manualy
>Is there is a way to when i create a new user the user access only thier
>user folder all my folder now can be accesed by the other users
>Thanks
>
.
- Follow-Ups:
- Re: Users access folrders
- From: Jenny wu \(MSFT\)
- Re: Users access folrders
- References:
- Users access folrders
- From: SBS2003
- Users access folrders
- Prev by Date: RE: Internet connection via 2nd network card without ISA
- Next by Date: RE: Server Mangement not available
- Previous by thread: Users access folrders
- Next by thread: Re: Users access folrders
- Index(es):
Relevant Pages
|
