Re: Security and Permissions
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 08/05/04
- Next message: Steven L Umbach: "Re: No logon servers available"
- Previous message: Kristen: "Don't want password prompt on startup"
- In reply to: jmos: "Re: Security and Permissions"
- Next in thread: Andrew Mitchell: "Re: Security and Permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 05 Aug 2004 18:48:28 GMT
You have "ntfs" permissions configured on the sub folders to give specific groups
access and users not in any of those groups can access/write/and delete to those
folders?? I have never seen that before. Be sure to check advanced permissions also
for those folders for group permissions. In addition make sure that on the root/drive
folder that users/everyone has no more that read/list/execute permissions. If you
still can not get it to work try using three separate top level folders - one for
each group you want to access. Make sure you are not testing access with existing
user files because if creator owner is present in ntfs permissions, the user will be
assigned creator owner permissions to the file if they are the owner of the file as
shown in security/advanced - owner, even if they have no other permissions to the
folder. --- Steve
"jmos" <anonymous@discussions.microsoft.com> wrote in message
news:069801c47ac7$98f26700$a501280a@phx.gbl...
> Yes,
> What's happening is that in the case of both Joe and Mary
> they have access to all the sub folders in the share and
> that's what I do not want. They shoud only have access to
> certain sub folders in the share but generally have access
> to the share i.e to get to the sub folders.
>
>
>
> >-----Original Message-----
> >At first glance it looks as if you are doing everything
> correct. Are you saying that
> >Joe and Mary can access the data and write and delete
> files in all the subfolders or
> >what kind of access are they getting to them that you
> find unexpected? --- Steve
> >
> >"jmos" <anonymous@discussions.microsoft.com> wrote in
> message
> >news:03e801c47a74$622c1e30$a601280a@phx.gbl...
> >> Thank you Steven
> >> Yes I am including the NTFS Permissions.
> >>
> >> What I'm doing is this:
> >>
> >> 1. Create a group (Share Group) and and GP 1-3 to it.
> >>
> >> Share Permissions -> Domain Admin -> Full Control
> >> -> Share Group -> Change
> >>
> >> Share NTFS -> Domain Admin -> Full Control
> >> -> Share Group -> Modify (Special)
> >>
> >> Share Sub folders no Inheritance
> >>
> >> Share Sub Folder 1-> Domain Admin -> Full Control
> >> NTFS -> Group1 -> Modify (Special)
> >>
> >> Share Sub Folder 2-> Domain Admin -> Full Control
> >> NTFS -> Group2 -> Modify (Special)
> >>
> >> Share Sub Folder 3-> Domain Admin -> Full Control
> >> NTFS -> Group3 -> Modify (Special)
> >>
> >> User Joe appears only in Group1
> >> User Mary appears in Group 1 and 3
> >>
> >> Now my understanding is that for user Joe they would get
> >> the most restrictive of both the Share and the NTFS of
> the
> >> share AND that the NTFS of the Sub Folder overrides the
> >> securities of the forementioned i.e only access to Share
> >> Sub folder 1. The same would apply to User Mary i.e
> access
> >> to only Sub Folders 1 and 3 not 2.
> >>
> >> Am I right in saying this?
> >>
> >> If so why is this not currently working in my domain and
> >> what else should I do or be looking for?
> >>
> >> Many thanks for your reply
> >>
> >> JMOS
> >>
> >>
> >> >-----Original Message-----
> >> >Are you configuring ntfs permissions also? You also
> might
> >> try to use three top shares
> >> >instead as SB1, SB2, and SB3. However you do it, give
> >> system and administrators full
> >> >control ntfs permissions and then add the appropriate
> >> user group with the needed ntfs
> >> >permissions to each folder. If you are sharing one top
> >> folder then give
> >> >administrators full control and users change
> permissions
> >> to the share. If you use
> >> >three top shares then give administrators full control
> >> and the appropriate group
> >> >change control to each folder. Ntfs permissions are in
> a
> >> folders properties/security
> >> >page. When you test results be sure to logon as a user
> >> and not as an administrator
> >> >and log off and back on after a change to share or ntfs
> >> permissions. For a network
> >> >users, their permission to a share will be the most
> >> restrictive of either the share
> >> >or ntfs permissions. The link below may help. ---
> Steve
> >> >
> >> >http://support.microsoft.com/default.aspx?kbid=300691
> >> >
> >> >"jmos" <anonymous@discussions.microsoft.com> wrote in
> >> message
> >> >news:c31101c47a3a$5130eff0$a301280a@phx.gbl...
> >> >> Can some explain (simply) how Share, folder and sub
> >> folder
> >> >> permissions work because evrything I do in my domain
> >> >> simply does not work?
> >> >>
> >> >> All users have access to everything regardless of
> what
> >> >> permissions I set.
> >> >>
> >> >> I leave the network for up to and hour, log on as a
> test
> >> >> user and they still have access to everthing even
> >> though I
> >> >> specify access to only a select no. of shares.
> >> >>
> >> >> Currently I have a share - SHARE A with Subfolders
> SB1-
> >> >> SB3.
> >> >>
> >> >> Each SB folder is a project which only a select few
> can
> >> >> have access to.
> >> >>
> >> >> If I have groups GP1 -3 for each SB folder what
> >> >> permissions should I have for:
> >> >>
> >> >> 1. the Share
> >> >> 2. the Share folder (Security)
> >> >> 3. the SB folders in the share.
> >> >>
> >> >> Hope someone can help.
> >> >>
> >> >> TIA.
> >> >
> >> >
> >> >.
> >> >
> >
> >
> >.
> >
- Next message: Steven L Umbach: "Re: No logon servers available"
- Previous message: Kristen: "Don't want password prompt on startup"
- In reply to: jmos: "Re: Security and Permissions"
- Next in thread: Andrew Mitchell: "Re: Security and Permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
