Re: help with setting up File Access Rights in Windows 2003
From: andy smart (anonymus_at_discussions.microsoft.com)
Date: 04/06/05
- Previous message: Michael Pelletier: "Re: VLAN's & DMZ's"
- In reply to: iceghost: "help with setting up File Access Rights in Windows 2003"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 06 Apr 2005 08:56:17 +0100
iceghost wrote:
> I am new to Windows 2003 Server and I am trying to set up a simple
> directory structure to allow a small workgroup to access data based on
> their group. I come from a Novell background and I can do all the
> following very simply in Novell - but I need some help from you MS
> Gurus with this one please.
>
> I am setting up the following directory structure
>
> C:\
> Data
> Accounts
> Sales
> Marketing
>
> etc
>
> I need to allow access to Accounts to the Accounts Team and so on.
> I set up a security group called Accts and pulled the 2 accts people
> into it.
> I set up Data as a shared resource on the server.
> I then went to the c:\Data\Accounts Folder and removed all inherited
> rights and assigned Full rights to the administrator and the Accts
> Group.
>
> BUT with this configuration, H: (mapped to the Accounts Share) from a
> PC logged in with an Accts Group account cannot access the folders.
> (Access Denied)
>
> If I let the rights from C:\Data\Accounts propagate DOWNwards, it
> changes nothing.
>
> If however I allow inherited rights from above, everything works. But
> it also means ALL non Accts group users also can see everything in the
> folder.
>
> I asked a few colleagues and we didn't manage to work it out. What's
> the answer anyone please... Or is the answer not to use W2003 in this
> way? Shall I create several shares and assign rights to shares?
>
> The only way I got this to work is if I explicitly set the rights by
> username. But I don't want to do this for obvious reasons.
>
> Thanks in advance.
>
> Saeed
>
>
>
> ì
Have you set up both sharing and security permissions on 'accounts'? If
nothing is inherited then I THINK (correct me if I'm wrong Steven LOL)
then they won't see the accounts share. Inherited rights filtering in
Windows is not the same as the inherited rights filter system on Netware
(if only it was.........). My inclination would be to share at the level
of accounts, sales and marketing - with permissions to suit. Rather than
share at the level of data.
- Previous message: Michael Pelletier: "Re: VLAN's & DMZ's"
- In reply to: iceghost: "help with setting up File Access Rights in Windows 2003"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
