none
Folder and File security permissions

    Question

  • Hi There all,

     im hoping that some one can shed some light on how to this specific task:

     i have SBS server 2003, i have shared drives  and folders,

     lets say one of these is Called Company Data, shared as P:\ (Public)

    this drive has access groups setup 

    it has folders for different departments, and folders for general "Public " browsing. 

    These folders have security groups attached with the appropriate security and all work fine.

    I have had a request that Senior management need to have Full Access to this Shred Drive,

     Ok , I have created a group " senior Management" and added the users to this,

     Now in the root of the shared drive i have added the group " senior management " to this.

    Now , how do i give them permission to have full access to the entire drive ( folders and files) without interrupting the security for other security groups. Thus loosing my entire security structure and having to re-apply security for my entire organization.???

    Suggestions would be appreciated !!! 

    Thanks in advance

    Weazzellboi

    Wednesday, October 02, 2013 11:03 PM

Answers

  • Hi

    You must add the usergroup to all folder that you stopped the inheritance of the NTFS security..

    If in P:\ (you stopped inheritance there in the past) You add him there

    If in P:\folderx\folder_y (A folder that you stopped the inheritance in the past) You re-add the user group there)

    etc...

    Regards


    MCP | MCTS - Exchange 2007, Configuring | Member of the TechNet Wiki Community Council | Member of the TechNet Wiki International Council | French Moderator on TechNet Wiki (Translation Widget)| Citrix Certified Administrator : XenApp | Citrix Certified Administrator : XenDesktop

    Friday, October 04, 2013 2:36 AM
  • Hi Weazzellboi,

    Thanks for your posting.

    I haven’t completely understood you.

    If you mean you want to add the group "senior management" with full Access and you also wish this new NTFS permission setting will not cover the former NTFS permission setting.

    By default, when you set the full control permission of a specific group to the folder, all users of the group will have the full control to the folder regardless of the former permission have set to the users. Because the final permission to the folder is the one which has largest scope (the full control has the largest scope in all the permissions), when all the different allow permissions have set to the folder.

    If you are worried about the security and don’t want some users to have the full control, you can set the deny permission, Deny permissions always override allow permissions, except in very limited explicitly defined circumstances. Additionally, users do not need full control over anything but their My Documents folder.

    I hope this helps.

    Friday, October 04, 2013 10:59 AM

All replies

  • Hi

    You must add the usergroup to all folder that you stopped the inheritance of the NTFS security..

    If in P:\ (you stopped inheritance there in the past) You add him there

    If in P:\folderx\folder_y (A folder that you stopped the inheritance in the past) You re-add the user group there)

    etc...

    Regards


    MCP | MCTS - Exchange 2007, Configuring | Member of the TechNet Wiki Community Council | Member of the TechNet Wiki International Council | French Moderator on TechNet Wiki (Translation Widget)| Citrix Certified Administrator : XenApp | Citrix Certified Administrator : XenDesktop

    Friday, October 04, 2013 2:36 AM
  • Hi Weazzellboi,

    Thanks for your posting.

    I haven’t completely understood you.

    If you mean you want to add the group "senior management" with full Access and you also wish this new NTFS permission setting will not cover the former NTFS permission setting.

    By default, when you set the full control permission of a specific group to the folder, all users of the group will have the full control to the folder regardless of the former permission have set to the users. Because the final permission to the folder is the one which has largest scope (the full control has the largest scope in all the permissions), when all the different allow permissions have set to the folder.

    If you are worried about the security and don’t want some users to have the full control, you can set the deny permission, Deny permissions always override allow permissions, except in very limited explicitly defined circumstances. Additionally, users do not need full control over anything but their My Documents folder.

    I hope this helps.

    Friday, October 04, 2013 10:59 AM
  • ok, hi there,

     What I have been asked to do is:

    Step one: Create a " senior management security group" add  users.

    Step two: apply this group to the Root " company_data" folder on their file server with Full permissions.

    current situation.

     lots of security groups with all sorts of permissions and access to hundreds of files and folders depending on their group membership etc.

    my question:

    How do i apply the " seniuor management group" with Full permission to my " company_data" group without disrupting security for the entire operation, folders/ files / shares.???

    Does the " senior Management" group permissions once applied to the entire company_data folder change access to other groups within the organization?

    I don't want to have to re-invent the "security" wheel for hundreds of users in spite of 5 managers. The current system has been fine for years and I don't want to change for change sake...

    all your comments most welcome! :)

    have a great day

    Monday, October 14, 2013 11:12 PM