Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Share folder permissions

Status
Not open for further replies.
theniteowl

theniteowl

Programmer
May 24, 2005
1,975
US
Hi All,
This is kind of basic but I can see several ways to do this and want to know what is the best approach.

I want to share out a set of folders on the server with varied levels of access to them.

MainFolder
Documentation
Users
User1
User2
User3
SharedResources

MainFolder is the top level share and should be viewable by all but only the admin group will have rights to create/delete/etc.
All users should have the ability to see and read documents in the Documentation and SharedResources folders.

Domain level groups will exist for each Userx folder. In these folders only the admins and the group corresponding to that folder will have access. Others should not be able to read any content within those folders.

Admins will have rights to all folders from Main on down.

The current configuration gives the Everyone group the ability to browse/read/execute through the folders and by default the rights propogate to the share folder and down.
I can setup specific folders for access by the individual domain groups but wonder the best way of restricting access to the sub folders as they propogate down.
Should I stop them from propogating or should I apply specific restrictions where required?


At my age I still learn something new every day, but I forget two others.
 
Sort by date Sort by votes
Easiest way to tackle this is to script the setting of permissions assuming you have a large number of folders to set permissions on.

For your subs you will need to break inherritance and specifically set permissions.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 
Upvote 0 Downvote
There will not be a large number of folders to set the permissions on so I will handle it manually, just have to figure out the best approach without having to add in lots of exceptions.

So I guess I should probably stop inheritance at the first folder, set permissions for Everyone to have read only from that folder and let it inherit down until I hit the private user folders and then set each of them to disallow inheritance? Or perhaps in the user folders I should restrict Everyone from their read access but leave inheritance so I do not break access for the admin group (domain group, not the local administrator group).



At my age I still learn something new every day, but I forget two others.
 
Upvote 0 Downvote
So I guess I should probably stop inheritance at the first folder, set permissions for Everyone to have read only from that folder and let it inherit down until I hit the private user folders and then set each of them to disallow inheritance?
Click to expand...

Yes

Or perhaps in the user folders I should restrict Everyone from their read access
Click to expand...

No, a deny takes precedence over all other settings. Even if you added a user with full control they would not have read access.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

sburgess73
  • Locked
  • Question
MSIPCCache Folder
Replies
0
Views
232
sburgess73
sburgess73
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
350
hairlessupportmonkey
hairlessupportmonkey
Dave60608
  • Locked
  • Question
Accessing shared folders via a network
Replies
5
Views
618
strongm
strongm
StevenFromSouth
  • Locked
  • Question
VPN Connects but cannot access remote network computers or folders
Replies
1
Views
310
StevenFromSouth
StevenFromSouth
juliog
  • Locked
  • Question
Unable to get Server 2019 GPO Redirected Folders to Work on Windows 7
Replies
1
Views
287
tacohunter
tacohunter

Part and Inventory Search

Sponsor

Back
Top