Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

File server NTFS permissions oraganization help?

Status
Not open for further replies.
ehenschel

ehenschel

MIS
Sep 19, 2011
11
0
0
US
Ok bad title but...
Our files servers are still running Netware. We are finally moving them to windows to eliminate netware and jive with our windows application servers. I understant completely how Share/NTFS permissions work. That being said I am struggling on best practices for sharing the data. i will give you an example and hope someone has an idea how to handle it.

Lets say I have a folder called Sales. The Sales group has access to this folder. Now someone in HR needs access to a SUB-FOLDER under sales. But I only want that folder to be seen by 2 people, lets say sales manager and the HR person. I then go in and have to turn off inheritable persmissions (which I DON'T like doing and I know is bad management) and remove sales group. Otherwise they will all see inside that folder also. Now to make things TWICE as bad I have to go to the SALES folder and add the HR person to NTFS permissions with List Folder access or they can't even browse to the subfolder as they can't see it. And now they can see all the folders and files. They can't open then as they only have List Folders access but still. They shouldn't see all that stuff.

This seems like a horrible way to mamange and will get out of hand quickly when it becomes larger. Which it is, I just tried to simplify for my example. Morale of the story is I need to be able for certain people to see sub-folders without seeing the stuff above or at the root.

Thanks for your help,
Ed
 
Sort by date Sort by votes
That's great. We do have 2 2008 servers and have noticed this behavior by default. So thanks for pointing this out. I will be enableing this on any 2003 server.

I still have the problem though. If I want a user to have access to a SUB-FOLDER and not the folder above then how do I do this? If I add the user to the subfolder first I have to turn off inhertitance, which is bad form right? Then when they browse they can't get to it because they get an access is denied at the root folder because they don't have access to it.

Or are you telling me that by enabling Access-Based Enumeration they will be able to see the sub folder even without access to the root folder?

Thanks I really do appreciate any help. I have a bunch of servers to migrate and better to start out doing it right than go backwords and try to fix them later.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MaioMaio
  • Question
Server Remote Desktop License
Replies
0
Views
101
MaioMaio
MaioMaio
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
116
Aquiles Vidal
Aquiles Vidal
Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
101
gbaughma
gbaughma
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
141
suncit
suncit
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
92
antonio_dsanchez
antonio_dsanchez

Part and Inventory Search

Sponsor

Back
Top