Sign in with
Sign up | Sign in
Your question

Permissions on Shared Files

Last response: in Windows 2000/NT
Share
Anonymous
July 16, 2004 7:12:23 AM

Archived from groups: microsoft.public.win2000.security (More info?)

I was hoping someone could help me with an small issue
I'm having with assigning permissions to users.

This is my situation...

I have a shared folder on the network with a number of
subdirecotires (lets say one for each country) and I have
created groups of users for each of those country
folders. The problem I'm having is that I only want the
users to be able to view the folder for the country that
they're allowed to access (ie not to see all the other
subdirectories in the share, I've tried a number of
different permission settings including denying list
folder contents, but I keep getting access denied at the
top level shared folder.

Please can someone help me out, I'm going around in
circles, and I'm convinced I'm just missing something
simple.

Many Thanks in Advance for any help.

Reagrds

Michelle T
Anonymous
July 16, 2004 9:25:40 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Yes that is possible (just tested it on our network here).

To do it, give all of the groups access to the root folder (NTFS and Share
permissions), then on each of the subfolders, go into the security (NTFS)
permissions on each folder, and de-select the 'Allow inheritable permissions
from parent to propagate to this object', so you can change the permissions.
Remove all of the groups except those you want to have access. Repeat with
each sub-folder.

You'll then find that each user can access the main share, and will see all
the sub-folders, but will get an access denied on all folders except the one
they've been given permissions to.

Keith


"Michelle T" <anonymous@discussions.microsoft.com> wrote in message
news:2d62e01c46b1d$63137660$a601280a@phx.gbl...
> I was hoping someone could help me with an small issue
> I'm having with assigning permissions to users.
>
> This is my situation...
>
> I have a shared folder on the network with a number of
> subdirecotires (lets say one for each country) and I have
> created groups of users for each of those country
> folders. The problem I'm having is that I only want the
> users to be able to view the folder for the country that
> they're allowed to access (ie not to see all the other
> subdirectories in the share, I've tried a number of
> different permission settings including denying list
> folder contents, but I keep getting access denied at the
> top level shared folder.
>
> Please can someone help me out, I'm going around in
> circles, and I'm convinced I'm just missing something
> simple.
>
> Many Thanks in Advance for any help.
>
> Reagrds
>
> Michelle T
Anonymous
July 16, 2004 11:44:52 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Keith Langmead wrote:

> Yes that is possible (just tested it on our network here).
>
> To do it, give all of the groups access to the root folder (NTFS and Share
> permissions), then on each of the subfolders, go into the security (NTFS)
> permissions on each folder, and de-select the 'Allow inheritable permissions
> from parent to propagate to this object', so you can change the permissions.
> Remove all of the groups except those you want to have access. Repeat with
> each sub-folder.
>
> You'll then find that each user can access the main share, and will see all
> the sub-folders, but will get an access denied on all folders except the one
> they've been given permissions to.
Hi

Well, then Michelle is just as far, because the main goal was to *not*
see the sub-folders that the user did not have permissions to open.


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/community/scriptcenter...
Related resources
Anonymous
July 17, 2004 2:19:11 AM

Archived from groups: microsoft.public.win2000.security (More info?)

On Fri, 16 Jul 2004 03:12:23 -0700, "Michelle T"
<anonymous@discussions.microsoft.com> wrote in
microsoft.public.win2000.security:

>I was hoping someone could help me with an small issue
>I'm having with assigning permissions to users.
>
>This is my situation...
>
>I have a shared folder on the network with a number of
>subdirecotires (lets say one for each country) and I have
>created groups of users for each of those country
>folders. The problem I'm having is that I only want the
>users to be able to view the folder for the country that
>they're allowed to access (ie not to see all the other
>subdirectories in the share, I've tried a number of
>different permission settings including denying list
>folder contents, but I keep getting access denied at the
>top level shared folder.
>
>Please can someone help me out, I'm going around in
>circles, and I'm convinced I'm just missing something
>simple.

Can't be done this way with Microsoft Networking - Novell Netware can.

The only workaround I know is to directly map the relevant directory for
the users in question:

To share:
Net Share Australia=D:\Data\Countries\Australia

To use:
Net Use G: \\Server\Australia

The latter obviously requires wrapping in some sort of group membership
test, like ifmember.exe (Resource Kit) or InGroup (KiXtart).

Good luck.

--
Michael Bednarek http://mbednarek.com/ "POST NO BILLS"
Anonymous
July 17, 2004 2:19:12 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Michael,

Thank you so much for getting back to me. I was afraid
that might be the case.

Many Thanks Again

Michelle


>-----Original Message-----
>On Fri, 16 Jul 2004 03:12:23 -0700, "Michelle T"
><anonymous@discussions.microsoft.com> wrote in
>microsoft.public.win2000.security:
>
>>I was hoping someone could help me with an small issue
>>I'm having with assigning permissions to users.
>>
>>This is my situation...
>>
>>I have a shared folder on the network with a number of
>>subdirecotires (lets say one for each country) and I
have
>>created groups of users for each of those country
>>folders. The problem I'm having is that I only want the
>>users to be able to view the folder for the country
that
>>they're allowed to access (ie not to see all the other
>>subdirectories in the share, I've tried a number of
>>different permission settings including denying list
>>folder contents, but I keep getting access denied at
the
>>top level shared folder.
>>
>>Please can someone help me out, I'm going around in
>>circles, and I'm convinced I'm just missing something
>>simple.
>
>Can't be done this way with Microsoft Networking -
Novell Netware can.
>
>The only workaround I know is to directly map the
relevant directory for
>the users in question:
>
>To share:
>Net Share Australia=D:\Data\Countries\Australia
>
>To use:
>Net Use G: \\Server\Australia
>
>The latter obviously requires wrapping in some sort of
group membership
>test, like ifmember.exe (Resource Kit) or InGroup
(KiXtart).
>
>Good luck.
>
>--
>Michael Bednarek http://mbednarek.com/ "POST NO
BILLS"
>.
>
Anonymous
July 17, 2004 6:09:01 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Ahhh, good point, must have missed that part of her requirements. Sorry.

That'll teach me to answer any posts at the end of a long day at work.

Keith

"Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> wrote in message
news:e6iUFz1aEHA.3204@TK2MSFTNGP09.phx.gbl...
> Keith Langmead wrote:
>
> > Yes that is possible (just tested it on our network here).
> >
> > To do it, give all of the groups access to the root folder (NTFS and
Share
> > permissions), then on each of the subfolders, go into the security
(NTFS)
> > permissions on each folder, and de-select the 'Allow inheritable
permissions
> > from parent to propagate to this object', so you can change the
permissions.
> > Remove all of the groups except those you want to have access. Repeat
with
> > each sub-folder.
> >
> > You'll then find that each user can access the main share, and will see
all
> > the sub-folders, but will get an access denied on all folders except the
one
> > they've been given permissions to.
> Hi
>
> Well, then Michelle is just as far, because the main goal was to *not*
> see the sub-folders that the user did not have permissions to open.
>
>
> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
> http://www.microsoft.com/technet/community/scriptcenter...
!