Re: dumb Access rights question...



In news:uQHTSavNHHA.4992@xxxxxxxxxxxxxxxxxxxx,
SimonR <Simon@xxxxxxxxxxxxxx> typed:
We have a share called DATA
In that share are ALL the files for access by ALL users of the Server
rights "Authenticated Users" = Full, set up by an ex-employee
I need to look after the network and want to "Control" access

Folder contains:
'ADMINS' folder
'ACCOUNTS' folder
'PAYROLL' folder

I've created Groups ADMINS, ACCOUNTS & PAYROLL and added the various

Question:
How do I make sure only people in the above group have READ or
READ/WRITE access??

Here's what I'd do:

D:\DATA (do not share this folder; NTFS perms = system & built-in
         Administrators group only, full control)
   |
   \Admins (shared as ADMINS$) and NTFS security set to system
   |        & built-in Administrators group = only, full control,
   |        Admins group = modify
   |
   \Accounts (shared as ACCOUNTS$), NTFS security set to system
   |        & built-in Administrators group = full control,
   |        Accounts group = modify
   |
   \Payroll (shared as PAYROLL$), NTFS security set to system
            & built-in Administrators group = full control,
            Payroll group = modify

If you also want the accounts group to


The $ in the share name hides it from browsing, and you can map drives to
the shares in your login scripts. All *share* level permissions should be
everyone = full control, b/c the NTFS security will be more restrictive.

I don't use Auth Users or Domain Users for my NTFS permissions. For other
folders, like a general shared folder (in this case, D:\Data\Shared
(SHARED$)), I assign full control to the system & admins groups, and then
also to a custom group I create called "Companyname Users" (and give them
modify rights).
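
The layout described in the reply above, written out as a script. This is an added example, not part of the original post; it assumes an English-locale Windows Server 2012 or later, an elevated PowerShell session, and a placeholder domain name EXAMPLE holding the ADMINS, ACCOUNTS and PAYROLL groups. It finishes with a check that lists any folder ACE still granted to a catch-all principal.

```powershell
# Added example. EXAMPLE is a placeholder domain name (assumption).
$root   = 'D:\DATA'
$domain = 'EXAMPLE'
$map    = [ordered]@{ Admins = 'ADMINS'; Accounts = 'ACCOUNTS'; Payroll = 'PAYROLL' }  # folder -> group

function New-RestrictedAcl([string]$ModifyGroup) {
    # Build a fresh DACL so explicit ACEs left behind (Authenticated Users = Full) are dropped.
    $acl = New-Object System.Security.AccessControl.DirectorySecurity
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting, discard inherited ACEs
    $grants = @(@('NT AUTHORITY\SYSTEM', 'FullControl'), @('BUILTIN\Administrators', 'FullControl'))
    if ($ModifyGroup) { $grants += ,@($ModifyGroup, 'Modify') }
    foreach ($g in $grants) {
        # Rights apply to this folder, subfolders and files.
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
            $g[0], $g[1], 'ContainerInherit,ObjectInherit', 'None', 'Allow'
        $acl.AddAccessRule($rule)
    }
    $acl
}

# Root: SYSTEM + built-in Administrators only, and never shared.
New-Item -ItemType Directory -Path $root -Force | Out-Null
Set-Acl -Path $root -AclObject (New-RestrictedAcl)

foreach ($folder in $map.Keys) {
    $path = Join-Path $root $folder
    New-Item -ItemType Directory -Path $path -Force | Out-Null
    Set-Acl -Path $path -AclObject (New-RestrictedAcl "$domain\$($map[$folder])")
    # Hidden share; share-level permission is Everyone = Full because NTFS is the real gate.
    New-SmbShare -Name ($map[$folder] + '$') -Path $path -FullAccess 'Everyone' | Out-Null
}

# Check: report any folder ACE still granted to a catch-all principal.
$broad = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users', "$domain\Domain Users"
foreach ($path in @($root) + (Get-ChildItem $root -Directory).FullName) {
    (Get-Acl $path).Access |
        Where-Object { $broad -contains $_.IdentityReference.Value } |
        Select-Object @{ n = 'Path'; e = { $path } }, IdentityReference, FileSystemRights, IsInherited
}
```

The final check only inspects folder ACLs; files that carry their own explicit ACEs from the old setup keep them and need a separate recursive review.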

