Permissions for network shares

Beowulf005

Technical User
Apr 5, 2005
640
I have one user account that is a general login for employees. However they can currently browse to the server and view all the files for the other network users. How can I limit them from viewing these files?
Notes
My folder redirection on.
Need to view items in my documents
Needs to access one database share

Tried to change their permissions so they would be denied for the files but it locks them out of everything.

When frustrated remember, in the computer world there is almost always a backdoor.
 
Why are you using a single account? Sounds like you are just trying to get past the licensing restrictions in SBS.

Each user should have their own ID and users should be made members of groups. Lock down your share so that only the groups you want to access it have rights to it.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 
It's because it's the nature of the business. Most are not using the computer and when they do it's just to view the Internet. But we have found they are browsing the network looking at information that they are not supposed to be. Anyway the employees are all just high school kids working a temp job.

When frustrated remember, in the computer world there is almost always a backdoor.
 
It's because it's the nature of the business.

I don't mean to be harsh but is it the nature of the business to not have proper licensing? Great way to have your business shut down.

SBS licensing is already discounted and you are required to have one ID per user. Having more than one actual person using the same ID at the same time puts you in violation of licensing.

The proper way to set this up is to do as I specified above. Give each user an ID and lock down the permissions.

If you have students that you just want to be able to browse the Internet, then have them log in locally and not into the domain and don't give them passwords to access the domain. You don't need any additional licenses for that.

I highly recommend that you get your business in order before you find yourself in trouble with the SPA. The few hundred dollars for licenses is much less than the tens of thousands you would pay in fines.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 
I am asking how to correct the issue, not the licensing. Even if I set up accounts for all the users I will still have the same issue.

When frustrated remember, in the computer world there is almost always a backdoor.
 
You seem to be missing the point. Configure the NTFS and share permissions so only authorized users can access the data.

To do that you need to get your users to each have an ID so the users can be identified as unique.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 
You would assign the users to appropriate groups and grant groups permissions to files. That's how you CORRECTLY set up shares. Except for individual home directories, you NEVER assign users directly to a share (ok, maybe not never, but it's truly a RARE exception - one that I don't think I did more than once in a 10 year position as systems administrator with over 1000 users and 1200 PCs). This is because you create administrative headaches for yourself when you start trying to add people or remove them from access to folders.

Do it correctly - or hire someone to do it correctly.
 
I am using groups. The problem that I am running into is in SBS when you turn on my documents redirection it stores all my documents in C:\users\[user name]\... Now the limited account needs to be able to access its my documents but when I give them access, it opens all the documents to all users and that is what I need to stop.
I have tried adding the group to the other my documents with unchecking all permissions but they still can access them. I have tried removing permissions to c:\users and adding permissions to c:\users\[account] but get denied access.

When frustrated remember, in the computer world there is almost always a backdoor.
 
Sounds to me like you need to do a little reading on NTFS Permissions and Share Permissions with a particular focus on something called Inheritance.

I would also suggest taking an Admin course so you could understand why your current configuration is a security risk, bad for business and illegal.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
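
Added example, not part of the original thread and not any poster's code: one way to stop per-user redirected folders from inheriting a broad grant made on the parent, so each folder is readable only by its own account plus Administrators and SYSTEM. It assumes the layout D:\Users\<account name>, a folder name equal to the logon name, and the placeholder domain CONTOSO; none of these come from the thread.

```powershell
# Added illustration. Assumed layout: D:\Users\<account name>, one folder per user.
# CONTOSO is a placeholder NetBIOS domain name; substitute your own.
param(
    [string]$Root   = 'D:\Users',
    [string]$Domain = 'CONTOSO',
    [switch]$Apply      # without -Apply the script only reports what it would set
)

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$noProp  = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

foreach ($dir in Get-ChildItem -LiteralPath $Root | Where-Object { $_.PSIsContainer }) {
    $owner = "$Domain\$($dir.Name)"

    # Skip folders whose name does not resolve to an account (e.g. leftover folders).
    try {
        $nt = New-Object System.Security.Principal.NTAccount($owner)
        [void]$nt.Translate([System.Security.Principal.SecurityIdentifier])
    } catch {
        Write-Warning "No account named $owner; skipping $($dir.FullName)"
        continue
    }

    $acl = Get-Acl -LiteralPath $dir.FullName

    # Protect the folder from inheritance and discard the inherited ACEs, so a
    # grant on $Root (for example to Domain Users) no longer flows down to it.
    $acl.SetAccessRuleProtection($true, $false)

    # Drop any explicit ACEs left over from earlier attempts, including Deny entries.
    foreach ($ace in @($acl.Access)) { $acl.PurgeAccessRules($ace.IdentityReference) }

    # Grant only the folder's own account, Administrators and SYSTEM.
    $grants = @(
        @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
        @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },
        @{ Id = $owner;                   Rights = 'Modify' }
    )
    foreach ($g in $grants) {
        $rights = [System.Security.AccessControl.FileSystemRights]$g.Rights
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $g.Id, $rights, $inherit, $noProp, $allow)
        $acl.AddAccessRule($rule)
    }

    if ($Apply) { Set-Acl -LiteralPath $dir.FullName -AclObject $acl }
    '{0}: {1}' -f $dir.FullName, (($acl.Access | ForEach-Object { $_.IdentityReference }) -join ', ')
}
```

Run it without -Apply first and review the reported identities per folder. Share permissions are evaluated separately from these NTFS entries, and the more restrictive of the two applies.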
 
Definitely - you need some instruction. There's NO WAY I would allow user folders to be stored on the C: drive. That's dangerous to the SBS server - if users fill up the space that can be problematic. There are quotas by default, but there's no way your users' folders should be on C:. I suspect you also have the Exchange information store on C: still as well. Not good - if that grows and fills the disk you can kill (or at least temporarily cripple) Active Directory, Exchange, your users... it's not a good idea. Move those things OFF the C drive and put them elsewhere. Also, read up on NTFS permissions and inheritance (or take a class), as already recommended.

Reference:
 
I was using the C drive as a place holder for my question. ALL data sits on the D drive. Have a book on Small Business Server. Was just hoping someone might have some insight/experience that would be helpful.

When frustrated remember, in the computer world there is almost always a backdoor.
 
Beowulf005,
What exactly are you trying to accomplish? Do the general login users need access to network resources (files/printers) or just connectivity (to see the Internet)? If it's the former, the brute force solution is to create a share just for the general login's documents, and make sure they have rights to it and nothing else. I've done group logins in industrial settings, but as you can see, most admins hate it. It's a huge risk, and you destroy a lot of your access control.

If it's the latter, create a local account on the machine, assuming your firewall doesn't rely on AD authentication. If they log in to the machine but not the network, and your security is alright then they shouldn't be able to see anything on the network.
 