• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Shares / sub-folders

C

coolVariable

Diamond Member
Setting up shares for multiple groups of people with different access permissions.
I really would like EVERYBODY to be able to access/map-as-a-network drive the main share folder with certain sub-folders then only being accessible to certain groups/users.
But whether I set up the "main" folder as accessible to everyone or set it up for a special group "ALL" ... everybody always has access to all sub-folders (btw - yes, I did go in and change the permissions so for the sub-folders it did NOT list 'Everyone' or 'ALL' but only the group that is supposed to have permission plus Administrators)

What is going on? Why is this not working?

(PS: everybody will map network drives for the shares and people should not have to map 15+ network drives for all the different folders)
 
If you go this way you have to Block the users/groups that are Not allowed on the specific sub folder.


😎
 
JackMDS said:
If you go this way you have to Block the users/groups that are Not allowed on the specific sub folder.


😎
Click to expand...

That also does not seem to work.

Essentially I have the following setup

Share folder
- sub-folder 1 (for Users #1 and #2)
- sub-folder 2 (for Users #2 and #3)

Map the network drive for all users to "Share folder"
User #1 should only see and be able to access sub-folder 1
User #2 sees and can access both
User #4 should only see and be able to access sub-folder 2
 
What server are you using to do this? With NTFS permissions, this is possible and if it doesn't work with an NTFS server (2000, 2003, 2008), then you're doing something wrong. Set the share permissions to everyone on all shares and then set the NTFS permissions to who actually needs access. Everyone else will receive access denied errors if they try and open the folder. This is how we had one of our servers at my last company setup. One main network drive and each department had it's own folder under this and yes - it worked how it was supposed to.
 
I am using Win2008 SBS.

This just does not work:
- Right click 'Main folder' => Share => add 'Everyone' with 'Read' permission
- Right click 'Sub-folder 1' => Share => set permissions for 'Everyone' to 'Deny' and add 'User Group #1' with permissions 'Allow' for everything

... Everyone can access the 'Sub folder 1' by going through the 'Main folder'.

If I then go into Security (NTFS Permissions) and set 'Everyone' to 'Deny' the whole folder disappears (even though 'User Group #1' is also set as allow here).
WTF?!?!?!?! This shouldn't be this hard!!!

RadiclDreamer said:
Stop the subfolders from inheriting permissions from parent and then set the permissions you want on the sub
Click to expand...

How?
 
coolVariable said:
If I then go into Security (NTFS Permissions) and set 'Everyone' to 'Deny' the whole folder disappears (even though 'User Group #1' is also set as allow here).
Click to expand...
The "Everyone - Deny" overrules anything else you have set for that folder. "Deny" always overrides "Allow".

If you only want a certain group to access a folder, turn off permission inheritance for that folder, and select "Copy" of the default security permissions. Then delete the unwanted permissions and add the ones you want. Keep "System", "Administrator" and other default internal housekeeping groups on the access list. Use "Deny" very carefully. It's seldom necessary.
 
Last edited:
kevnich2 said:
What server are you using to do this? With NTFS permissions, this is possible and if it doesn't work with an NTFS server (2000, 2003, 2008), then you're doing something wrong. Set the share permissions to everyone on all shares and then set the NTFS permissions to who actually needs access. Everyone else will receive access denied errors if they try and open the folder. This is how we had one of our servers at my last company setup. One main network drive and each department had it's own folder under this and yes - it worked how it was supposed to.
Click to expand...

"Everyone" should be deleted.... Use "Domain users." Everyone means... Everyone including the anon users.

--EDIT--

Or "Authenticated Users"

The idea is that guest accounts can view and access the shares because the anon and guest accounts are "everyone." Domain Users and Authenticated Users exclude those accounts (and computer null accounts for that matter.)
 
Last edited:
imagoon said:
"Everyone" should be deleted.... Use "Domain users." Everyone means... Everyone including the anon users.

--EDIT--

Or "Authenticated Users"

The idea is that guest accounts can view and access the shares because the anon and guest accounts are "everyone." Domain Users and Authenticated Users exclude those accounts (and computer null accounts for that matter.)
Click to expand...

Yeah sorry - I use everyone on my home file server. Yeah you want to use either domain users or authenticated users.
 
OP - you need to get a book on how to setup NTFS and share level permissions - this stuff needs to be learned before you do this for a company and risk messing things up Any book Windows Server 2008 should have the proper info in it for proper permission settings.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top