Re: File/directory permissions

From: Oli Restorick [MVP] (oli_at_mvps.org)
Date: 06/13/05


Date: Mon, 13 Jun 2005 21:28:07 +0100

Unless I'm missing something, I don't see this scenario as being
complex at all.

When you create the root directory, I'd set the ACL to
builtin\administrators:F. Don't give any users access (you'll be used to
this, coming from a Netware background). That way, any newly-created
projects will have the right permissions by default.

Then, create a group corresponding to each project, and set the ACL to allow
members of the group change permissions (C).

If you prefer to do this from the command prompt, the following command
would do the trick.

cacls g:\projects\client1\94m43 /t /e /g proj94m43:C

From what you've said, the ACL I'd use on the share would be
builtin\administrators:F, builtin\users:C

Where this scenario would get complex is if you wanted certain groups of
users to be able to access only, for example, the calculations folders for
each project they're working on. I haven't yet seen a convincing solution
to that problem.

Regards

Oli

"Grace" <yyy@yyy.com> wrote in message
news:ekglsXEcFHA.3932@TK2MSFTNGP12.phx.gbl...
> Scenario - Windows 2000 Server SP4, name server1:
>
> Created a share on the server called shared$
>
> On users' PCs g: is mapped to \\server1\shared$
>
> directories on g:
>
> projects
>
>   client1
>   - 94m43
>       admin
>       estimate
>       calculations
>   - 94m44
>       admin
>       estimate
>       calculations
>
>   client2
>   - 99r33
>       admin
>       junk
>       letters
>
> I know that I cannot limit what users will see at the root of g:, like in
> Netware environment
>
> I need the following file permissions:
>
> users need to have g: mapped to the "shared$"
>
> Then for example, a global group "Proj94m43" needs to be able to do anything
> in admin, estimate, calculation directories but it cannot create directories
> or files directly under 94m43. Also, I don't want this group to be able to
> open files in other projects, for example 94m44 or client2\99r33, even for
> read only. Admins should have access everywhere, of course.
>
> Another group, "Proj99r33" will need to work client2\99r33 subdirectories,
> same way as above. There will be new groups, new project subdirectories
> established when we get more work.
>
> I thought about leaving the share permissions alone (at default) and control
> everything thru NTFS but how exactly do I need to set it?
>
> I understand how they work together (share, ntfs), how they add up under
> ntfs, but I need real world examples for complicated setups like mine. I am
> moving from Netware and permissions are turning into a nightmare.
>
> I appreciate help with the above and pointers to sites
> w/explanations/examples more involved than basic.
>
>
>
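
The following is an added example, not part of either poster's message: PowerShell that provisions one project folder for the layout in the quoted question. It goes beyond the single cacls command by giving the project group list-only access on the project folder itself and Modify (the NTFS right that cacls calls C) on each subfolder. The function name New-ProjectFolder and the EXAMPLE domain prefix are assumptions, and the root is assumed to already carry only builtin\administrators:F as the reply suggests.

```powershell
# Added example (not from the thread). New-ProjectFolder is a hypothetical helper.
function New-ProjectFolder {
    param(
        [Parameter(Mandatory = $true)] [string] $ProjectPath,  # e.g. G:\projects\client1\94m43
        [Parameter(Mandatory = $true)] [string] $Group,        # e.g. EXAMPLE\Proj94m43 (assumed domain)
        [string[]] $SubFolders = @('admin', 'estimate', 'calculations')
    )

    New-Item -ItemType Directory -Path $ProjectPath -Force | Out-Null

    # Project folder: read/list/traverse on this folder only (no inheritance),
    # so members can see the subfolders but cannot create anything beside them.
    $acl = Get-Acl -Path $ProjectPath
    $listOnly = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Group, 'ReadAndExecute', 'None', 'None', 'Allow')
    $acl.AddAccessRule($listOnly)
    Set-Acl -Path $ProjectPath -AclObject $acl

    foreach ($name in $SubFolders) {
        $sub = Join-Path $ProjectPath $name
        New-Item -ItemType Directory -Path $sub -Force | Out-Null

        # Subfolder: Modify, inherited by every file and folder created below it.
        $subAcl = Get-Acl -Path $sub
        $modify = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $Group, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $subAcl.AddAccessRule($modify)
        Set-Acl -Path $sub -AclObject $subAcl
    }

    # Return the group's explicit entries so the result can be reviewed.
    $paths = @($ProjectPath) + ($SubFolders | ForEach-Object { Join-Path $ProjectPath $_ })
    foreach ($p in $paths) {
        (Get-Acl -Path $p).Access |
            Where-Object { -not $_.IsInherited -and $_.IdentityReference -eq $Group } |
            Select-Object @{ n = 'Path'; e = { $p } }, FileSystemRights, InheritanceFlags
    }
}

# Example call, run as an administrator; the group must already exist:
# New-ProjectFolder -ProjectPath 'G:\projects\client1\94m43' -Group 'EXAMPLE\Proj94m43'
```

Modify on a subfolder includes the right to delete that subfolder itself, and because the group has no write access one level up, members could not recreate it.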
