
File/Folder Permissions (Share vs NTFS)

Status
Not open for further replies.

efector

IS-IT--Management
Dec 10, 2003
234
US
I use a nifty little program called WinCloak, which only allows you to see folders for which you have NTFS permissions. The challenge I have is that in our company, there is one huge share (R:) where each department has its own folders.

I have set the NTFS permissions on each individual department's folder (hr, accounting, etc.) (and they are set to NOT inherit permissions from the folder above, because I only want the people that I explicitly define to be able to access each unique department's folder) to include System/Domain Admins/Creator Owner/appropriate department group membership.

HOWEVER, on the overall SHARE that contains these folders, I have the SHARE permissions set to FULL on Domain Admins/Domain Users, with the default NTFS permissions when making a share/folder.

The challenge I have is that users are able to create folders at the same level as their DEPARTMENT folder, which is what I DON'T want. In essence, each user should only see ONE folder within R:, but they can see many because users have made them at the root level of R:.

SO, what permissions do I set, and WHERE do I set them?
 
My question is, why give domain users Full access at the root of your share? My advice is to share only what you want the users to see and then set permissions accordingly. Remember, if the NTFS permissions and the share permissions conflict, the most restrictive wins, which I'm sure you already know. Give them read access at the root, which will eliminate their ability to create folders, and then progress to change and modify when those attributes are called for. Not sure I'm helping, but it's been a long day.
 
At the root level set ADVANCED NTFS permissions to be read only for that folder only. Then on the departmental folders set advanced permissions for the Write rights using the advanced property for This Folder, Sub Folder and Files. Note I did not say Full Control since that would allow users to change permissions on the NTFS level.

I hope you find this post helpful.

Regards,

Mark
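
One way to script the NTFS layout described in the reply above, as an added example that is not part of the original thread. The path, the `CORP\` group names and the folder-to-group map are assumptions, and Modify is used here as the write-level right in place of Full Control.

```powershell
# Added example. $Root, the CORP\* groups and the folder map are assumptions.
# Run elevated on the file server, against a test copy first.
$Root       = 'D:\Shares\Departments'    # folder behind the R: share (assumed path)
$Admins     = 'CORP\Domain Admins'
$Users      = 'CORP\Domain Users'
$DeptGroups = @{ hr = 'CORP\HR'; accounting = 'CORP\Accounting' }  # folder -> group

$ThisFolderOnly = 'None'                              # "This folder only"
$FolderSubFiles = 'ContainerInherit, ObjectInherit'   # "This folder, subfolders and files"

function New-AllowRule($Identity, $Rights, $Inherit) {
    New-Object System.Security.AccessControl.FileSystemAccessRule($Identity, $Rights, $Inherit, 'None', 'Allow')
}

function Set-ExactAcl($Path, $Rules) {
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting and drop inherited ACEs
    foreach ($ace in @($acl.Access)) { $acl.PurgeAccessRules($ace.IdentityReference) }  # clear old explicit ACEs
    foreach ($rule in $Rules) { $acl.AddAccessRule($rule) }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

$base = @(
    (New-AllowRule 'NT AUTHORITY\SYSTEM' 'FullControl' $FolderSubFiles),
    (New-AllowRule $Admins 'FullControl' $FolderSubFiles)
)
# Root: users can list and traverse this folder only, so nothing can be created beside the department folders.
Set-ExactAcl $Root ($base + (New-AllowRule $Users 'ReadAndExecute' $ThisFolderOnly))
# Departments: Modify (not FullControl) so members cannot change NTFS permissions.
foreach ($name in $DeptGroups.Keys) {
    $rule = New-AllowRule $DeptGroups[$name] 'Modify' $FolderSubFiles
    Set-ExactAcl (Join-Path $Root $name) ($base + $rule)
}

# Check: list any non-admin ACE that still allows creating files or folders in the root itself.
$create = [System.Security.AccessControl.FileSystemRights]'CreateDirectories, CreateFiles'
(Get-Acl -LiteralPath $Root).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   ($_.FileSystemRights -band $create) -and
                   $_.PropagationFlags -notmatch 'InheritOnly' -and
                   $_.IdentityReference.Value -notin @($Admins, 'NT AUTHORITY\SYSTEM') } |
    Select-Object IdentityReference, FileSystemRights
```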

 