Simple NTFS task, can't figure it out!?
in [Windows Servers]
|
Prev: xcopy/robocopy pdfs created yesterday and today only.
Next: Users can log on after account is locked out
From: Jan Sjöholm on 25 Jun 2010 12:45 On an SBS 2003 there is a folder d:\data which contains several subfolders. Built in group Users has full access to folder d:\data and, through heritage, to all subfolders. Now there is one temporary User which should be granted read/write access to *only* one subfolder, i.e. d:\data\2010. All other subfolders should not be accessible, even better not visible (but this does not work, I think). I thought this would be an easy task, but I can't figure it out. I solved it creating a group called NoRightsForUserX, added the User and added this group manually to 55 subsfolders within d:\data (except "2010") and set "full deny" for this group to all of these folders. It works, but this cannot be the solution. How would a professional solve this?? Thanks a lot in advance, Jan
From: Phillip Windell on 25 Jun 2010 14:44
It is because you granted permission to the built in group "Users",....and everybody is in that group,...hence everybody has access. Create a new Domain Global Group Add the temp User to that group Set that group to be the users Default Group Remove them from the built in Users Group Or just don't grant permissions to the built in Users Group in the first place and remove that group from the permissions if need be. Create new unique Groups for unique jobs instead. -- Phillip Windell The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. ----------------------------------------------------- "Jan Sj�holm" <JanSjholm(a)discussions.microsoft.com> wrote in message news:B850F285-49E4-48E3-8AFA-00CFADBBFAFD(a)microsoft.com... > On an SBS 2003 there is a folder d:\data which contains several > subfolders. > Built in group Users has full access to folder d:\data and, through > heritage, > to all subfolders. Now there is one temporary User which should be granted > read/write access to *only* one subfolder, i.e. d:\data\2010. All other > subfolders should not be accessible, even better not visible (but this > does > not work, I think). > > I thought this would be an easy task, but I can't figure it out. > > I solved it creating a group called NoRightsForUserX, added the User and > added this group manually to 55 subsfolders within d:\data (except "2010") > and set "full deny" for this group to all of these folders. > > It works, but this cannot be the solution. How would a professional solve > this?? > > Thanks a lot in advance, > Jan > > |