Folder Permissions

[moonguppie]

My boss is trying to make a folder on our network drive accessible to a list of people with read only access and everyone else in the company will have no access. How should I do this?

A little knowledge is dangerous.

 

[ATLMatt]

Not quite enough info provided to tell you for sure, but assuming it is on a XPPro or 2003 server box:

You could set up the share, go to the security tab, and remove everyone from the "Group or user names" area who shouldn't have access. You can add individual user names or groups, and you can set the access rights for each group or user on the list. One thing you should keep in mind, is inheritance, in the advanced tab you can enable or disable it if certain policies are allowing or disallowing users access to the folder.

 

[linney]

Use the Security Tab and set the Access Permissions accordingly on the folder. Reinforce it with the Sharing Tab Permissions too.

Make sure the Everyone or User Group are not allocated any access rights (leave them out of the listed Groups) and only named users have Read access. Some one will have to have higher access rights to put files in the folder and maintain it.

If you don't want to list all the users with Read access individually, you can create a new group name for all those users and just list the new Group name with only Read access.

 

[IllogicallyLogical]

Access to network shares can be accomplished in a couple of ways including examples above. Remember when using NTFS and Share permissions the most restrictive permission between the two prevails. Microsoft recommends using either Share permissions or NTFS permissions to control access to resources, but not both (i.e. do not try to give different permissions with both Share and NTFS). That being said, best practices when you are using NTFS permissions to control access to resources on your network is to give the Everyone group the Full Control Share permission for shared folders. Then control the access with the NTFS permissions. This will make troubleshooting access permissions much easier when there is a problem. Create the Group that you want to access the folder and add the users to that group. Then on the Security tab add the group to the list and give them the Read permission. Remove the Everyone group from the Security tab and any other groups you want to deny access. This should accomplish what you are looking for. Even though the Everyone group has Full Control on the Share permissions, any one that is not part of the explicit group you added to the Security tab will be denied access because you removed them from the list. Hence the most restrictive permission would be no access because they are not on the Security (NTFS) ACL.

Joey
A+, Network+, MCP, Wireless#

 

[moonguppie]

Yes, we are in a Server 2003 environment with a single server and multiple drives. My apologies, in my haste I neglected a few bits of information.

A little knowledge is dangerous.

 

[moonguppie]

Thanks to all for the help!

A little knowledge is dangerous.