Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations sizbut on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Shared Folders for Departments

Status
Not open for further replies.
raycclark

raycclark

MIS
Nov 13, 2006
4
US
I am new to SBS, so sorry if this is a very basic question. I would like to create a shared folder for each department (i.e. Accounting, Sales, etc.) that is only accessible to each person in that department. I created a security group and added members to the group. I created a share to the folder (\\server\dept). I set the security exactly like the users shared folders. Even though I am not in the Accounting security group, I can access the folder (\\server\dept\accounting). I believe the domain users group is granting me access, but when I remove domain users and add the security group (accounting), the users in the security group cannot access the folder. Any help would be greatly appreciated.
 
Sort by date Sort by votes
With only Accounting, Domain Admins, and System, the user in Accounting cannot access the folder. Maybe I do not have the security group for Accounting setup correctly.
 
Upvote 0 Downvote
Were you using a domain admin/administrator account whilst testing the security?
 
Upvote 0 Downvote
Try giving Domain Users Modify permission then adding additional permissions for each department and deny access to those groups that do not need access. The most strict permission will override the domain users permission.

For Example on your accounting share you would have domain users with modify (or full control) and then additional permissions for the specific groups you want to deny access to this share.

 
Upvote 0 Downvote
In testing the security, I used a user account (non admin). I had rather grant permission to the specific group, instead of denying permissions to the groups that I want to deny access.
 
Upvote 0 Downvote
Give all users modify access to the Root folder. Then on the department folder make sure you set it NOT to inherit from the parent folder and then assign specific permissions for only those users you want to have access to the specific folder.
 
Upvote 0 Downvote
When you did the share, did you put the leave the share permissions as default, and then add the permission for the security group on the security tab?

What happens if you share at server\dept\accounts level rather than server\dept, and then assign permissions as above?

(Test on a new set of test folders rather than the ones you are working on)


 
Upvote 0 Downvote
Thanks to everyone for your help. When I created the new security group and added users to the group, I tested access with a user that was already logged in. The user didn't join the security group until they logged out and back in. Now everything works.

Thanks, again.
 
Upvote 0 Downvote
Yes, per-group security tokens are attached to the user at logon, so any new groups you add them to will not affect their tokens until you log out, and log back in.

Dave Shackelford
Shackelford Consulting
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
528
gbaughma
gbaughma
Dave60608
  • Locked
  • Question
Accessing shared folders via a network
Replies
5
Views
434
strongm
strongm
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
889
gbaughma
gbaughma
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
477
mangentle
mangentle
Teo En Ming
  • Locked
  • Question
Actions taken during Disaster Recovery for client whose IBM Megaraid controller has failed
Replies
2
Views
461
fightaccording
fightaccording

Part and Inventory Search

Sponsor

Back
Top