• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Question about Win2k permissions

U

unnamedplayer

Member
Hi all. I was hoping for a little help. I have a Win2k file server with 3 directories shared. I have serveral workstations that have these shared directories mapped as a network drive. I have some special concerns about one group of users though.

Lets say I made a profile for this group of users called "Users" and in this profile there is one account that all these people will share called "user" I want this account to be able to access only 1 special folder in one of the mapped drives. What permissions do I have to set to be able to do this?

What I tried so far is adding the group Users in the Security tab of each shared directory and taking away all of their permissions except List Folder Contents. Then I set permissions on the subfolder which I want them to be able to access and gave them Full Control.

However, when I tested this out by logging in on a workstation as user, I was still able to open files that were not within that special subfolder.

How can I fix this? Any help is greatly appreciated!

P.S. I hope I explained this ok 🙂
 
One of the first things that I thought was what other permissions are on that share? Make sure things like the guest account and "machinename"/users , a built in default account, is not listed or have the permissions changed to reflect what you want. A coworker of mine had a similar problem with a share in a workgroup (I assumue a workgroup since four computers would be a lot of work for AD/Domain envrionment), and the users were connecting to the file server via the guest account, which had modify rights.

Something to keep in mind, the security rights are all culmlative, and there are a few groups that have rights and are there by default.
 
Yes, this is a workgroup and the only other groups with permissions set on the shares are administrators and Everyone. "Everyone" however is set to List Folder Contents only.
 
Hmm..I just noticed that the shares also have that "machinename"/users group in the Security tab, but I know that the "user" account I created is only a member of the "Users" group I created.
 
You should check your effective permissions for the everyone group on these directories. Do you have the folders checked to propagate or inherit permissions? If so thats your problem. You should only use the everyone group to gain access to the directory, but remove the everyone group and set proper account access on the folders and files with in the share. Doing it the way you are doing it your creating another headache, because if your limiting the permissions of the everyone group that will affect other accounts as well, because every account is also a member of the everyone group. If its a folder that you only want this group to have access to then you should set proper permissions for that group, including a seperate account they will use for access, and make that folder a network share on its own. You should steer away from using the everyone group except for access to a directory or share, but not for control of folders or files inside, for that set specific account folder permissions and ntfs permissions for files.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top