Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
Need help with file and folder permissions

已答覆 Need help with file and folder permissions

  • Sunday, December 30, 2012 1:43 AM
     
     
    Sign In to Vote
    0

    Hi, I'm a long time os x server admin who needs some assistance setting up file/folder permissions. I just moved our data from an os x server to a windows network share. Our campus windows admins created the share and gave me full access to it. Now I'm ready to set the file/folder permissions for the share. 

    On my os x server network share everyone in my dept has read only and can see all the folders on root of the network share. No one can add files or folders to the share root. Then for each folder off the share root, a security group is given read/write access to that folder.

    So, the share root looks something like this:

     -Advocacy (the advocacy group has read/write to contents of this folder)
     -Development (the research group has read/write to contents of this folder)
     -Research (the research group has read/write to contents of this folder)
     -User HomeDirs (everyone has read only to see all the folders in the list, but each person has full access to their own user folder)

    I've been reading through some of the windows file and folder permissions and I'm confused about how to do this without totally screwing up the permissions. Can I get the same or similar settings that I had in os x?

     

All Replies

  • Sunday, December 30, 2012 4:20 AM
     
     Answered
    Sign In to Vote
    1

    Hello Williams, 

    1. We set permission to share folders first then to home folders (will be discussed in point 2).

    Create a default share first with default settings (including Access Based Enumeration(ABE) option).Then inside share create individual folders with the name Advocacy, Development, Research and set NTFS permissions to 3 folders with respective group names.

    First and foremost thing is set proper NTFS permissions, which plays vital/major role in accessing share folder.Below snap-shot is just example how to set NTFS permission to development folder to add development group.

    • 2. I suggest you check below blog link which will help you to create user home directories along with permissions.

    http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx

    Thank you and please write here again if you need any other help.

    Regards, Ravikumar P

     
  • Sunday, December 30, 2012 7:38 AM
     
     
    Sign In to Vote
    0

    check this article for step by step verification

    http://guides.macrumors.com/Networking_Windows_with_Mac_OS_X

    http://support.apple.com/kb/HT1568

    thanks

     
  • Monday, December 31, 2012 9:18 AM
    Moderator
     
     Answered
    Sign In to Vote
    1

    Hi Audrey,


    Add to Ravikumar, we can also refer to the following documents:


    File and Folder Permissions

    Managing Permissions


    Hope this helps.

    Jeremy Wu
    TechNet Community Support

     
  • Monday, December 31, 2012 1:41 PM
     
     
    Sign In to Vote
    0

    Hi Ravikumar,

    Thank you for your reply. The links were very helpful, especially the one to the ABE information. I wasn't aware there was a way to make visible only the folders a person has access to. Nice feature.

     
  • Monday, December 31, 2012 1:44 PM
     
     
    Sign In to Vote
    0
    Thank you for these reference links Jeremy. I will definitely need to refer to them frequently since setting windows permissions seem to be more complicated than setting MacOS permissions. 
     
  • Thursday, January 03, 2013 3:11 AM
    Moderator
     
     
    Sign In to Vote
    0

    Hi Audrey,


    Just check if you have any update about the case.


    Also, to configure NTFS permissions, we just need to add a user or group in the Security tab and define right permissions as needed. Take it easy.


    Best Regards.

    Jeremy Wu
    TechNet Community Support

     
  • Friday, January 18, 2013 3:16 PM
     
     
    Sign In to Vote
    0

    Hi Jeremy,

    First, thank you for the follow up. As far as an update goes. I'm still struggling w/ all of the different file and folder permissions. I've tried a few different combinations, but it's still not quite right. I understand where to go to set the basic and advanced permissions of the files and folders. What I still don't understand is the correct combination of permissions to achieve the results I'm looking for. I'm not sure at what level to remove the inherited permissions.

    For example, I am pretty sure the basic permissions that are set on the share root give the users too many permissions. These were the defaults that were set up for me by my campus domain administrators. What's currently set is as follows:
      Authenticated Users: Read/execute, list folder contents, read
      MyDeptAdminGroup: Full control, modify, read/execute, list folder contents, read, write
      MyAccount: same permissions as MyAdminGroup

    Since I am the admin for our share, MyAccount is set like I want it with full access. I only want my dept users to see the folder list in the share root and that's it. They should *not* be able to open, view files or folder list inside any folders off the root (Development, Research, etc) *unless* they are a member of group that has full permissions to that folder. So everyone should be able to see the Development folder itself, but only the development group has full control of what's inside the Development folder.